CVE-2024-8728: 
WordPress vulnerability analysis and mitigation

The Easy Load More plugin for WordPress contains a Reflected Cross-Site Scripting vulnerability (CVE-2024-8728) affecting all versions up to and including 1.0.3. The vulnerability stems from improper use of addqueryarg without appropriate escaping on URLs (NVD).

The vulnerability is classified as a Cross-Site Scripting (CWE-79) issue with a CVSS v3.1 base score of 6.1 (Medium). The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring no privileges (PR:N), and user interaction (UI:R). The scope is changed (S:C) with low confidentiality and integrity impact (C:L, I:L) and no availability impact (A:N) (NVD).

The vulnerability allows unauthenticated attackers to inject arbitrary web scripts that execute when users perform specific actions, such as clicking on a malicious link. This could lead to the compromise of user sessions, theft of sensitive information, or manipulation of webpage content (NVD).

Users should update their Easy Load More plugin to a version newer than 1.0.3 if available. If an update is not possible, consider disabling the plugin until a patch is released (NVD).