This vulnerability (CVE-2024-30555) involves improper input sanitization in the Ultimate Social Comments – Email Notification & Lazy Load plugin, leading to stored cross-site scripting (CWE-79). An attacker could inject malicious scripts that are stored and later executed in the context of users viewing the affected web pages. The issue affects all versions up to 1.4.8. The CVSS 3.1 vector indicates network attack vector, low attack complexity, requiring privileges and user interaction, with impacts on confidentiality, integrity, and availability rated as low to low and low respectively. No patch or official remediation level has been published by the vendor as of the data provided.

Successful exploitation of this stored XSS vulnerability could allow an attacker to execute arbitrary scripts in the context of affected users, potentially leading to information disclosure, session hijacking, or other impacts on confidentiality, integrity, and availability. The CVSS score of 6.5 reflects a medium severity impact. There are no known active exploits reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or limiting use of the affected plugin to reduce exposure. Implementing web application firewalls (WAF) with XSS protections may help mitigate exploitation risk. Monitor vendor channels for updates or patches.