The vulnerability identified as CVE-2024-51645 affects the ThemeFuse Maintenance Mode plugin up to version 1.1.3. It is a CSRF vulnerability that enables an attacker to execute stored XSS attacks by tricking an authenticated user into submitting a crafted request. The CVSS 3.1 base score is 7.1, indicating high severity, with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability at a low level. No official patch or vendor advisory is currently provided in the available data.

Successful exploitation of this vulnerability can lead to stored XSS, which may allow attackers to execute arbitrary scripts in the context of the affected site, potentially compromising user sessions, defacing the site, or redirecting users to malicious sites. The CSRF aspect means attackers can induce authenticated users to perform unwanted actions without their consent. The impact affects confidentiality, integrity, and availability at a low level but is significant due to the stored XSS vector.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or removing the ThemeFuse Maintenance Mode plugin or applying any recommended temporary mitigations from the vendor. Additionally, restricting access to the plugin's administrative functions and ensuring users are cautious about unsolicited links can reduce risk.