CVE-2024-3491 is a stored cross-site scripting vulnerability classified under CWE-79, found in the Schema & Structured Data for WP & AMP plugin for WordPress, developed by magazine3. This vulnerability affects all versions up to and including 1.29. The root cause is insufficient sanitization and escaping of user-supplied input within the plugin’s "How To" and "FAQ" content blocks. Authenticated users with contributor-level permissions or higher can inject arbitrary JavaScript code into these blocks. Because the injected scripts are stored persistently in the WordPress database, they execute in the context of any user who visits the affected page, including administrators and other privileged users. This can lead to session hijacking, unauthorized actions, or further exploitation of the site. The vulnerability requires authentication but no user interaction to trigger the payload once injected. The CVSS 3.1 score is 6.4, reflecting network attack vector, low attack complexity, privileges required, no user interaction, and partial confidentiality and integrity impact with no availability impact. No official patches or exploit code are currently publicly available, but the vulnerability is published and should be addressed promptly.

The impact of CVE-2024-3491 is significant for organizations running WordPress sites with the affected Schema & Structured Data for WP & AMP plugin. An attacker with contributor-level access can inject malicious scripts that execute in the browsers of site visitors, including administrators. This can lead to theft of authentication cookies, defacement, unauthorized actions performed with elevated privileges, and potential pivoting to further attacks within the network. Since the vulnerability affects all versions up to 1.29, many sites may be exposed if not updated. The scope includes any WordPress installation using this plugin, which is popular for SEO and structured data enhancements. The attack vector is remote and network-based, requiring only contributor-level authentication, which is a relatively low privilege level in WordPress. This broadens the risk, especially in environments where contributor accounts are more easily obtained or compromised. The vulnerability does not impact availability but compromises confidentiality and integrity, potentially leading to data breaches and reputational damage.

To mitigate CVE-2024-3491, organizations should immediately update the Schema & Structured Data for WP & AMP plugin to a version that addresses this vulnerability once released by the vendor. Until a patch is available, administrators should restrict contributor-level permissions strictly and audit existing contributor accounts for suspicious activity. Implementing a Web Application Firewall (WAF) with rules to detect and block typical XSS payloads targeting the plugin’s blocks can reduce risk. Additionally, site owners should enforce Content Security Policy (CSP) headers to limit script execution sources, reducing the impact of injected scripts. Regular security scanning and monitoring for unusual content in "How To" and "FAQ" blocks can help detect exploitation attempts. Educating users with contributor access about safe input practices and monitoring plugin updates from magazine3 are also critical. Finally, consider disabling or replacing the plugin if immediate patching is not feasible.