The vulnerability CVE-2024-51684 affects the W3P SEO plugin by Ciprian Popescu, allowing CSRF attacks that result in stored XSS. The issue exists in versions before 1.8.6 and permits attackers to trick authenticated users into executing unwanted actions, leading to persistent script injection. The CVSS score of 7.1 indicates a high impact with network attack vector, low attack complexity, no privileges required, and user interaction needed. The vulnerability impacts confidentiality, integrity, and availability to a limited extent.

Successful exploitation can lead to stored XSS, which may allow attackers to execute arbitrary scripts in the context of the affected site. This can compromise user sessions, deface content, or redirect users to malicious sites. The CSRF aspect means attackers can induce authenticated users to perform unintended actions, increasing the risk of persistent compromise. The overall impact affects confidentiality, integrity, and availability at a low level but is significant due to the stored XSS component.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor the vendor's communications for updates. Until a fix is available, consider disabling or removing the affected plugin to mitigate risk. Avoid clicking on suspicious links that could trigger CSRF attacks and ensure users have limited privileges where possible.