The vulnerability CVE-2024-51847 in the WP PagSeguro Payments WordPress plugin is a stored cross-site scripting issue caused by improper input neutralization during web page generation. This allows an attacker with low privileges to inject malicious scripts that execute when other users view the affected content. The vulnerability affects all versions up to 1.0. The CVSS 3.1 vector indicates network attack vector, low attack complexity, requiring privileges and user interaction, with a scope change and impacts on confidentiality, integrity, and availability at a low level. No patch or mitigation details are currently provided by the vendor or authoritative sources.

Successful exploitation of this stored XSS vulnerability can lead to execution of arbitrary scripts in the context of the affected web application, potentially allowing attackers to steal sensitive information, manipulate content, or disrupt availability. The impact is rated medium based on the CVSS score of 6.5, reflecting limited privileges required and the need for user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, administrators should consider restricting plugin usage to trusted users and monitor for suspicious activity related to input fields. Avoid exposing the plugin to untrusted users where possible. No official patch or workaround is currently documented.