CVE-2021-24431

Name of the Vulnerable Software and Affected Versions Language Bar Flags WordPress plugin versions 1.0.8 and earlier

Description The issue is related to the lack of CSRF protection when saving settings and the failure to sanitize or escape settings when generating the flag bar in the frontend. This could allow attackers to make a logged-in admin change the settings and set a Cross-Site Scripting payload, which will be executed in the frontend for all users.

Recommendations For Language Bar Flags WordPress plugin versions 1.0.8 and earlier, consider disabling the plugin until a patch is available to prevent potential exploitation. Restrict access to the plugin's settings to minimize the risk of unauthorized changes. Avoid using the plugin's frontend functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.