CVE-2024-49261 is an XSS vulnerability in the Arkhe Blocks WordPress plugin by Ryo, present in versions up to 2.23.0. It results from improper input neutralization during web page generation, allowing attackers with low privileges and requiring user interaction to inject malicious scripts. The vulnerability has a CVSS v3.1 base score of 6.5, reflecting medium severity with network attack vector, low attack complexity, and partial impact on confidentiality, integrity, and availability. No patch or vendor advisory is currently available, and no exploits are known in the wild.

Successful exploitation could allow an attacker with low privileges to execute arbitrary scripts in the context of the affected web application, potentially leading to partial disclosure of information, modification of data, or disruption of service. The impact is limited by the requirement for user interaction and the attacker's privileges. No evidence of active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution with user input and consider applying temporary mitigations such as input validation or disabling the affected plugin if feasible. Monitor for updates from the vendor regarding patches or official fixes.