CVE-2024-6752: 
WordPress vulnerability analysis and mitigation

The Social Auto Poster plugin for WordPress contains a Stored Cross-Site Scripting vulnerability (CVE-2024-6752) in versions up to and including 5.3.14. The vulnerability exists in the 'wpname' parameter within the 'wpwautopostermapwordpresspost_type' AJAX function due to insufficient input sanitization and output escaping (NVD).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 Base Score of 5.4 (MEDIUM) according to NIST's assessment (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Wordfence has assigned a slightly higher CVSS score of 6.4 (MEDIUM) with the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N (NVD).

The vulnerability allows authenticated attackers with Subscriber-level access or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an affected page, potentially compromising the security of site visitors (NVD).

Users should update to a version newer than 5.3.14 of the Social Auto Poster plugin to address this vulnerability. The issue has been fixed in subsequent releases (CodeCanyon).