The vulnerability CVE-2024-51822 affects keonthemes Creative Blocks up to version 1.0.1. It is a stored cross-site scripting (XSS) flaw caused by improper neutralization of input during web page generation. This allows an attacker with at least low privileges and requiring user interaction to inject malicious scripts that execute in the context of other users. The CVSS 3.1 base score is 6.5, reflecting network attack vector, low attack complexity, low privileges required, user interaction needed, and impacts on confidentiality, integrity, and availability.

Successful exploitation of this stored XSS vulnerability can lead to partial disclosure of sensitive information, modification of data, and disruption of service within the affected application context. The attacker can execute arbitrary scripts in the victim's browser, potentially leading to session hijacking or other malicious actions limited to the application's scope.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should apply strict input validation and output encoding as a temporary mitigation. Monitor for updates from keonthemes regarding a security patch for Creative Blocks.