CVE-2024-5884 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Beauty theme for WordPress, versions up to and including 1.1.4. The vulnerability stems from improper neutralization of input during web page generation, specifically through the 'tpl_featured_cat_id' parameter. This parameter lacks sufficient input sanitization and output escaping, allowing an authenticated attacker with at least Subscriber-level privileges to inject arbitrary JavaScript code into pages generated by the theme. Because the injected scripts are stored persistently, they execute whenever any user accesses the affected page, potentially compromising user sessions, stealing cookies, or performing unauthorized actions on behalf of users. The vulnerability is exploitable remotely over the network without user interaction, but requires low privileges (authenticated user). The CVSS 3.1 base score is 6.4, reflecting a medium severity with low attack complexity and partial impact on confidentiality and integrity but no impact on availability. No public exploits have been reported yet, but the vulnerability is significant given the popularity of WordPress and the potential for privilege escalation or lateral movement within affected sites. The vulnerability was reserved in June 2024 and published in September 2024, with no official patches currently linked, indicating that site administrators must apply manual mitigations or await updates from the vendor.

The impact of CVE-2024-5884 is primarily on the confidentiality and integrity of affected WordPress sites using the Beauty theme. An attacker with Subscriber-level access can inject malicious scripts that execute in the context of other users visiting the compromised pages. This can lead to session hijacking, theft of sensitive information such as cookies or credentials, unauthorized actions performed on behalf of users, defacement of website content, and potential distribution of malware. Since the vulnerability is stored XSS, the malicious payload persists and affects all visitors to the injected page, amplifying the risk. Although availability is not impacted, the breach of trust and potential data leakage can cause reputational damage and legal consequences for organizations. The requirement for authenticated access limits the attack surface but does not eliminate risk, as Subscriber accounts are common and may be compromised or created by attackers. Organizations relying on WordPress with the Beauty theme, especially those with public-facing sites and multiple user roles, face increased risk of targeted attacks and exploitation.

To mitigate CVE-2024-5884, organizations should first verify if they are using the Beauty WordPress theme version 1.1.4 or earlier. Immediate steps include restricting Subscriber-level user capabilities to minimize the risk of malicious input submission. Implement strict input validation and output encoding for the 'tpl_featured_cat_id' parameter in the theme code, ensuring all user-supplied data is sanitized before storage and properly escaped before rendering. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious script injection attempts targeting this parameter. Monitor logs for unusual activity from authenticated users, especially those with Subscriber roles. Encourage users to use strong, unique passwords and enable multi-factor authentication to reduce account compromise risk. Regularly update WordPress core, themes, and plugins to the latest versions once patches are released by the vendor. Consider isolating or disabling the affected theme if immediate patching is not possible. Conduct security audits and penetration testing focused on XSS vulnerabilities to identify and remediate similar issues proactively.