CVE-2021-24425

Name of the Vulnerable Software and Affected Versions myStickymenu WordPress plugin versions prior to 2.5.2

Description The issue allows high privilege users to use malicious JavaScript in the Bar Text settings, leading to a Stored Cross-Site Scripting issue. This issue will be triggered in the plugin's setting, as well as all front-page of the blog when the Welcome bar is active.

Recommendations For versions prior to 2.5.2, update to version 2.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Bar Text settings to prevent high privilege users from injecting malicious JavaScript.