PT-2021-15759 · WordPress · Openid Connect Generic Client

Austin Bentley · Published 2021-05-05 · Updated 2021-05-13 · CVE-2021-24214

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: OpenID Connect Generic Client WordPress plugin, versions 3.8.0 through 3.8.1
Description: The issue is a reflected Cross-Site Scripting vulnerability. It occurs because the login error message is not properly sanitized before it is output back into the login form. The issue can be exploited without authentication and under the default configuration.
Recommendations: For versions 3.8.0 and 3.8.1, update to a version that addresses this issue, since these versions do not properly sanitise the login error and so allow reflected Cross-Site Scripting. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
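The root cause described above (request-derived text echoed into the login form without escaping) and the fix a maintainer would apply (escaping at the point of output) are shown in the following added PHP illustration. This is not the plugin's code; the function names render_login_error_unsafe() and render_login_error_safe() and the sample inputs are assumptions constructed for the example. esc_html() is WordPress's real HTML-context escaper; htmlspecialchars() is the plain-PHP fallback.

```php
<?php
// Added illustration of the vulnerability class; NOT the plugin's own code.
// Assumed: a login-form template that renders an error message taken from the
// request, modelled here as a hypothetical render_login_error_*() function.

// Vulnerable pattern: text the browser controls is concatenated into HTML
// unescaped, so any markup in the message is rendered by the victim's browser
// (reflected XSS). This is the shape of the defect the advisory describes.
function render_login_error_unsafe( $error ) {
    return '<p class="login-error">' . $error . '</p>';
}

// Hardened pattern: escape for the HTML context at the point of output.
// Inside WordPress use esc_html(); outside it, htmlspecialchars() with
// ENT_QUOTES and an explicit charset gives the same protection.
function render_login_error_safe( $error ) {
    $text = function_exists( 'esc_html' )
        ? esc_html( $error )
        : htmlspecialchars( $error, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
    return '<p class="login-error">' . $text . '</p>';
}

// Constructed sample inputs: a benign message and one containing markup.
// The safe renderer turns '<', '>', '&' and quotes into entities, so the
// second sample is displayed as literal text instead of being interpreted.
$samples = array(
    'Authentication failed',
    '<b>bold</b> & "quoted"',
);
foreach ( $samples as $s ) {
    echo render_login_error_safe( $s ), "\n";
}
```

When reviewing a plugin for this class of bug, look for every place a login or callback error is written into the page and confirm that an escaping call sits between the value and the output; the CVSS vector's UI:R reflects that a victim must open a crafted link for the reflected message to be rendered.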

Exploit

XSS


Weakness Enumeration

Related Identifiers

CVE-2021-24214

Affected Products

Openid Connect Generic Client