CVE-2021-24364

Name of the Vulnerable Software and Affected Versions Jannah WordPress theme versions prior to 5.4.4

Description The issue arises from the improper sanitization of the options JSON parameter in the tie get user weather AJAX action, leading to a Reflected Cross-Site Scripting (XSS) issue. This occurs when the parameter is output back in the page without proper cleaning, allowing malicious scripts to be executed.

Recommendations For versions prior to 5.4.4, update to version 5.4.4 or later to resolve the issue. As a temporary workaround, consider disabling the tie get user weather AJAX action until a patch is available. Restrict access to this action to minimize the risk of exploitation. Avoid using the options JSON parameter in the affected AJAX endpoint until the issue is resolved.