CVE-2021-24366

Name of the Vulnerable Software and Affected Versions Admin Columns WordPress plugin versions prior to 4.3 Admin Columns Pro WordPress plugin versions prior to 5.5.1

Description The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible due to the lack of sanitization and escaping of the Label settings. The vulnerability can be exploited even when the unfiltered html capability is disallowed, for example, in a multisite setup. An authenticated attacker can supply a crafted arbitrary script and execute it by exploiting improper input validation on the value passed into the Label parameter.

Recommendations For Admin Columns WordPress plugin versions prior to 4.3, update to version 4.3 or later. For Admin Columns Pro WordPress plugin versions prior to 5.5.1, update to version 5.5.1 or later. As a temporary workaround, consider restricting access to the Label settings to minimize the risk of exploitation.