The vulnerability CVE-2024-51633 affects the ivycat Simple Page Specific Sidebars plugin through a CSRF flaw that enables stored XSS attacks. This means an attacker could trick an authenticated user into submitting a request that results in malicious script being stored and executed in the context of the affected application. The issue impacts all versions up to 2.14.1. The CVSS 3.1 base score of 7.1 reflects network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality, integrity, and availability.

Successful exploitation of this vulnerability could allow an attacker to execute stored XSS attacks via CSRF, potentially leading to unauthorized actions performed with the privileges of an authenticated user. This can result in partial compromise of confidentiality, integrity, and availability of the affected system. However, no known exploits in the wild have been reported so far.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is available, users should monitor vendor communications for updates. Until a fix is released, consider implementing CSRF protections such as verifying anti-CSRF tokens and restricting actions to trusted users. Avoid clicking on untrusted links while authenticated to the affected application.