PT-2021-15788 · WordPress · Stop Spammers

Hosein_Vita · Published 2021-05-05 · Updated 2021-05-26 · CVE-2021-24245

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Stop Spammers WordPress plugin, versions prior to 2021.9

Description: The issue arises from insufficient escaping of user input when the plugin blocks a request, for example because the input matched a spam word. The blocked input is reflected back to the browser after being sanitized only by removing HTML tags, which is not sufficient escaping for the output context and therefore leads to a reflected Cross-Site Scripting issue.

Recommendations: For versions prior to 2021.9, update to version 2021.9 or later to resolve the issue. As a temporary workaround, consider disabling the plugin until it can be updated. Restrict access to areas where user input is processed to minimize the risk of exploitation, and avoid using the plugin to block requests based on user input until the issue is resolved.
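Why removing tags is not the same as escaping, shown as an added example that is not the plugin's code: the same reflected value is rendered once with strip_tags() only and once with contextual escaping via htmlspecialchars() (the equivalent of WordPress's esc_attr()/esc_html()). The render_weak/render_hardened functions and the sample input are constructed for illustration.

```php
<?php
// Added example, not the Stop Spammers plugin's code: a blocked value is
// echoed back into a block page, first with tag-stripping only, then with
// escaping for the HTML attribute context it lands in.

// Constructed input standing in for a user-supplied value that matched a
// spam rule and is reflected into the block page.
$input = 'cheap-pills"><b>x</b>';

// Weak: strip_tags() removes the <b> element, but the double quote and '>'
// survive, so a value reflected inside an attribute terminates that
// attribute (and the tag) early. This is the class of defect the advisory
// describes: sanitizing tags instead of escaping for the output context.
function render_weak(string $value): string {
    $clean = strip_tags($value);
    return '<input name="reason" value="' . $clean . '">';
}

// Hardened: escape every character that has meaning in the target context.
// ENT_QUOTES converts both quote types, so the value cannot leave the
// attribute. In WordPress, esc_attr() and esc_html() do the same job.
function render_hardened(string $value): string {
    $clean = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input name="reason" value="' . $clean . '">';
}

// Compare the two renderings: the weak one contains a second '>' that
// closes the <input> tag inside what should have been plain attribute data.
echo "weak:     ", render_weak($input), PHP_EOL;
echo "hardened: ", render_hardened($input), PHP_EOL;
```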

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2021-24245

Affected Products: Stop Spammers