CVE-2021-24439

Name of the Vulnerable Software and Affected Versions Browser Screenshots WordPress plugin versions prior to 1.7.6

Description The issue allows authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. This is due to the image class parameter of the "browser-shot" shortcode not being properly escaped.

Recommendations For versions prior to 1.7.6, update to version 1.7.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the browser-shot shortcode for users with low roles, such as Contributor, until the update is applied.