WordPress · Rss For Yandex Turbo · CVE-2021-24277
**Name of the Vulnerable Software and Affected Versions**
RSS for Yandex Turbo WordPress plugin versions prior to 1.30
**Description**
The issue arises from improper sanitization of user inputs from the Счетчики settings tab, leading to authenticated stored Cross-Site Scripting issues.
**Recommendations**
For versions prior to 1.30, update to version 1.30 or later to resolve the issue. As a temporary workaround, consider restricting access to the Счетчики settings tab to minimize the risk of exploitation.