WordPress · Wpfront Notification Bar · CVE-2021-24601
**Name of the Vulnerable Software and Affected Versions**
WPFront Notification Bar WordPress plugin version 2.1.0.08087 and earlier
**Description**
The issue arises from the plugin's failure to properly sanitise and escape its settings. This could allow high privilege users to perform Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed.
**Recommendations**
For versions prior to 2.1.0.08087, update to version 2.1.0.08087 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.