CVE-2021-24372

Name of the Vulnerable Software and Affected Versions WP Hardening – Fix Your WordPress Security WordPress plugin versions prior to 1.2.2

Description The issue is related to a reflected Cross-Site Scripting problem. It occurs because the $ SERVER['REQUEST URI'] is not properly sanitised or escaped before being outputted in an attribute. This leads to a security issue where an attacker could potentially inject malicious scripts.

Recommendations For versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider implementing proper sanitisation and escaping of the $ SERVER['REQUEST URI'] variable to prevent Cross-Site Scripting attacks.