CVE-2024-9775: 
WordPress vulnerability analysis and mitigation

The Anih - Creative Agency WordPress Theme for WordPress contains a Stored Cross-Site Scripting vulnerability (CVE-2024-9775) that affects all versions up to and including 2024. The vulnerability exists in the admin settings due to an incomplete blacklist, insufficient input sanitization, and output escaping (NVD).

The vulnerability is classified as a Stored Cross-Site Scripting (CWE-79) issue with a CVSS v3.1 base score of 4.8 (Medium) according to NIST and 5.5 (Medium) according to Wordfence. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, indicating that the vulnerability requires high privileges but can be exploited with low attack complexity (NVD).

When exploited, this vulnerability allows authenticated attackers with administrator-level permissions to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses the compromised page. The impact is limited to multi-site installations and installations where unfiltered_html has been disabled (NVD).

Users should update to a version newer than 2024 when available. Since this is a recently disclosed vulnerability, users should monitor the theme developer's updates and implement any security patches as soon as they become available (Themeforest).