This vulnerability (CVE-2024-29910) in the Alordiel Dropdown Multisite selector plugin is a stored cross-site scripting (CWE-79) flaw caused by improper input neutralization during web page generation. It affects all versions up to 0.9.2. An attacker could inject malicious scripts that are stored and later executed in the context of users viewing the affected pages. The CVSS 3.1 base score is 6.5, reflecting network attack vector, low attack complexity, requiring privileges and user interaction, with impact on confidentiality, integrity, and availability. No official patch or vendor remediation level has been published yet.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of users' browsers, potentially leading to data theft, session hijacking, or other client-side impacts. The vulnerability affects confidentiality, integrity, and availability to a limited extent as per the CVSS vector. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider restricting privileges for users who can input data into the affected plugin and apply web application firewall (WAF) rules to detect and block XSS payloads related to this plugin. Monitor vendor channels for updates and apply patches promptly once available.