CVE-2024-8664: 
WordPress vulnerability analysis and mitigation

The WP Test Email plugin for WordPress contains a Reflected Cross-Site Scripting vulnerability (CVE-2024-8664) that affects all versions up to and including 1.1.7. The vulnerability stems from improper use of addqueryarg without appropriate URL escaping (NVD).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 base score of 6.1 (Medium). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requires no privileges (PR:N), and needs user interaction (UI:R). The scope is changed (S:C) with low confidentiality (C:L) and integrity (I:L) impacts, and no availability impact (A:N) (NVD).

If successfully exploited, this vulnerability allows unauthenticated attackers to inject arbitrary web scripts that execute when users perform specific actions, such as clicking on a malicious link. This could lead to potential theft of sensitive information or manipulation of user sessions (NVD).

Users should update to a version newer than 1.1.7 when available. Until then, website administrators should exercise caution when handling URLs and consider implementing additional security measures to filter or sanitize URL parameters (NVD).