CVE-2024-24700 is a reflected cross-site scripting vulnerability (CWE-79) in the Benjamin Rojas WP Editor plugin for WordPress, affecting versions through 1.2.8. The vulnerability is due to improper input neutralization during web page generation, enabling attackers to inject malicious scripts that execute in users' browsers. The CVSS score of 7.1 reflects a high severity with network attack vector and low complexity, requiring no privileges but user interaction. There is no vendor-provided patch or official remediation at this time, and no known exploits have been observed in the wild.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to information disclosure, modification of data, or disruption of availability. The reflected XSS nature requires user interaction, such as clicking a crafted link. The impact affects confidentiality, integrity, and availability as indicated by the CVSS vector.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should avoid using untrusted input in contexts processed by the WP Editor plugin and consider disabling or replacing the plugin if possible. Monitor official Benjamin Rojas or WP Editor advisories for updates and patches.