CVE-2021-24272

Name of the Vulnerable Software and Affected Versions The fitness calculators WordPress plugin versions prior to 1.9.6

Description The issue is related to a lack of CSRF check in the plugin, allowing attackers to make logged-in users perform unwanted actions, such as changing calculator headers. Additionally, due to the lack of sanitization, this could also lead to a Stored Cross-Site Scripting issue.

Recommendations For versions prior to 1.9.6, update to version 1.9.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.