CVE-2024-56267: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Fla-shop.com's Interactive UK Map WordPress plugin, affecting versions up to 3.4.8. The vulnerability was disclosed on December 30, 2024, and was assigned the identifier CVE-2024-56267 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) with a CVSS v3.1 base score of 7.1 (HIGH). The attack vector is characterized as Network (N) with Low attack complexity (L), requiring no privileges (PR:N) but user interaction (UI:R), with a Changed scope (S:C) and Low impacts on confidentiality, integrity, and availability (Patchstack).

The vulnerability allows for Cross-Site Request Forgery (CSRF) attacks that could enable malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The vulnerability has been assessed with a CVSS score of 7.1, indicating a significant potential impact on affected systems (Patchstack).

The vulnerability has been fixed in version 3.4.9 of the Interactive UK Map plugin. Users are advised to update to this version or later to remove the vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).