CVE-2021-24407

Name of the Vulnerable Software and Affected Versions Jannah WordPress theme versions prior to 5.4.5

Description The issue arises from the improper sanitization of the query POST parameter in the tie ajax search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability. This allows an attacker to inject malicious scripts into the website, potentially affecting users who interact with the compromised page.

Recommendations For versions prior to 5.4.5, update to version 5.4.5 or later to resolve the issue. As a temporary workaround, consider disabling the tie ajax search AJAX action until a patch is available. Restrict access to the tie ajax search endpoint to minimize the risk of exploitation. Avoid using the query parameter in the affected AJAX endpoint until the issue is resolved.