CVE-2024-12772: 
WordPress vulnerability analysis and mitigation

The Ninja Tables WordPress plugin before version 5.0.17 contains a Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered on January 9, 2025, and was assigned CVE-2024-12772. The issue affects the plugin's CSV import functionality, where a parameter is not properly sanitized and escaped before being output back to the page (WPScan).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue with a CVSS score of 3.5 (low severity). The vulnerability is tracked under CWE-79 and falls under the OWASP Top 10 category A7: Cross-Site Scripting (XSS). The issue occurs specifically during the CSV import process where user input is not properly sanitized before being displayed back to users (WPScan).

When successfully exploited, this vulnerability could allow an attacker to inject malicious scripts that would execute in the context of other users' browsers who access the affected page. Since this is a stored XSS vulnerability, the malicious payload remains persistent in the database and could affect multiple users over time (WPScan).

The vulnerability has been fixed in version 5.0.17 of the Ninja Tables plugin. Users are advised to update to this version or later to protect against this security issue (WPScan).