CVE-2021-24316

Name of the Vulnerable Software and Affected Versions Mediumish WordPress theme versions 1.0.0 through 1.0.47

Description The search feature of the Mediumish WordPress theme does not properly sanitise its s GET parameter before outputting it back to the page, leading to a Cross-Site Scripting issue.

Recommendations For Mediumish WordPress theme versions 1.0.0 through 1.0.47, consider disabling the search feature until a patch is available. Restrict access to the search functionality to minimize the risk of exploitation. Avoid using the s parameter in the affected search endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.