CVE-2021-24235

Name of the Vulnerable Software and Affected Versions Goto WordPress theme versions prior to 2.0

Description The issue is related to an unauthenticated reflected Cross-Site Scripting problem. It occurs because the Goto WordPress theme does not properly sanitise the keywords and start date GET parameters on its Tour List page. This allows for malicious scripts to be injected and executed, potentially leading to security breaches.

Recommendations For versions prior to 2.0, update to version 2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Tour List page or sanitising the keywords and start date parameters to prevent malicious input.