CVE-2024-56014

CVE-2024-56014 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the Markyis Cool Olivia WordPress theme. This issue affects Olivia versions from n/a through 0.9.5.

The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating it is exploitable over the network with low attack complexity, no required privileges, but necessitating user interaction. Remote attackers can exploit it by tricking authenticated or unauthenticated users into interacting with malicious input, such as via a crafted link, leading to reflected XSS execution in the site's context with changed scope and low impacts on confidentiality, integrity, and availability.

The Patchstack advisory at https://patchstack.com/database/wordpress/theme/olivia/vulnerability/wordpress-olivia-theme-0-9-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve documents the Reflected XSS vulnerability in the Olivia WordPress theme up to version 0.9.5. Security practitioners should consult this reference for detailed mitigation guidance.