CVE-2024-47631 describes a stored cross-site scripting vulnerability in the bPlugins Logo Carousel – Clients logo carousel for WordPress plugin versions up to 1.2. The vulnerability is due to improper input neutralization during web page generation, which allows an attacker with low privileges and requiring user interaction to inject malicious scripts. The CVSS 3.1 vector indicates network attack vector, low attack complexity, low privileges required, user interaction needed, and impacts on confidentiality, integrity, and availability. No patch or official fix has been documented, and no known exploits have been reported.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to unauthorized disclosure of information, modification of content, or disruption of service. The impact is rated medium based on the CVSS score of 6.5. However, exploitation requires user interaction and low privileges, which somewhat limits the attack scope.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider limiting the use of the affected plugin or restricting input that could be exploited. Monitoring for updates from bPlugins is recommended to apply any forthcoming patches promptly.