CVE-2024-9214: 
WordPress vulnerability analysis and mitigation

The Extra Product Options Builder for WooCommerce plugin for WordPress (CVE-2024-9214) contains a Stored Cross-Site Scripting vulnerability affecting versions up to and including 1.2.133. The vulnerability exists in the 'RednaoSerializedFields' parameter during the creation of a signature file due to insufficient input sanitization and output escaping (NVD).

The vulnerability is classified as a Cross-Site Scripting (CWE-79) issue with a CVSS v3.1 base score of 6.1 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability stems from improper input validation and output escaping in the signature file creation functionality (Wordfence).

When exploited, this vulnerability allows unauthenticated attackers to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an affected page, potentially leading to data theft, session hijacking, or other client-side attacks (NVD).

Users should update to a version newer than 1.2.133 as soon as it becomes available. The vulnerability has been addressed in the WordPress plugin repository through a patch (WordPress Plugin).