CVE-2021-24434

Name of the Vulnerable Software and Affected Versions Glass WordPress plugin versions 1.3.2 and earlier

Description The issue is related to a Stored Cross-Site Scripting problem. It occurs because the Glass Pages setting is not properly sanitised or escaped before being outputted in a page. Additionally, the plugin lacks a CSRF check when saving its settings, making it possible to exploit the issue via a CSRF attack.

Recommendations For Glass WordPress plugin versions 1.3.2 and earlier, update to a version that includes the necessary security fixes to address the Stored Cross-Site Scripting issue and implement CSRF protection for settings saves. At the moment, there is no information about a newer version that contains a fix for this vulnerability.