CVE-2021-24226

Name of the Vulnerable Software and Affected Versions: AccessAlly versions prior to 3.5.7

Description: The issue is related to the leakage of environment variables due to the dumping of serialize($ SERVER) in the resource/frontend/product/product-shortcode.php file. This file is responsible for the [accessally order form] shortcode. The leakage occurs on all public-facing pages that contain this shortcode and does not require any login or administrator role.

Recommendations: For versions prior to 3.5.7, update to version 3.5.7 or later to resolve the issue. As a temporary workaround, consider removing or restricting access to the [accessally order form] shortcode on public-facing pages until the update is applied.