CVE-2024-6665: 
WordPress vulnerability analysis and mitigation

The KBucket: Your Curated Content WordPress plugin versions before 4.1.6 contains a security vulnerability identified as CVE-2024-6665. The vulnerability was discovered by Vuln Seeker Cybersecurity Team and publicly disclosed on June 5, 2024. This security flaw affects the plugin's settings functionality, where certain settings are not properly sanitized and escaped (WPScan).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue with a CVSS score of 3.5 (low). The security flaw exists because the plugin does not properly sanitize and escape some of its settings, particularly affecting high privilege users such as administrators, even when the unfiltered_html capability is disallowed in multisite setups (WPScan, Wiz).

The vulnerability enables high-privilege users to inject and store malicious JavaScript code that would execute when other users access affected pages. This is particularly concerning in multisite WordPress installations where even admin users are typically restricted from using unfiltered HTML (WPScan).

The vulnerability has been patched in version 4.1.6 of the KBucket plugin. Users are advised to update to this version or later to protect against this security issue (WPScan).