CVE-2024-5713: 
WordPress vulnerability analysis and mitigation

The If-So Dynamic Content Personalization WordPress plugin before version 1.8.0.4 contains a Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability exists because the plugin does not properly escape the $SERVER['REQUESTURI'] parameter before outputting it back in an attribute, which could lead to XSS attacks particularly in older web browsers (WPScan, NVD).

The vulnerability stems from improper sanitization of the $SERVER['REQUESTURI'] parameter in the plugin's code. When this parameter is output back in an attribute without proper escaping, it creates a potential XSS attack vector. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD).

If successfully exploited, this vulnerability could allow attackers to execute arbitrary JavaScript code in the context of other users' browsers, particularly those using older web browser versions. This could potentially lead to theft of sensitive information, session hijacking, or other client-side attacks (WPScan).

The vulnerability has been fixed in version 1.8.0.4 of the If-So Dynamic Content Personalization plugin. Site administrators are advised to update to this version or later to protect against potential XSS attacks (WPScan).