CVE-2021-24448

Name of the Vulnerable Software and Affected Versions User Registration & User Profile – Profile Builder WordPress plugin versions prior to 3.4.8

Description The issue allows high privilege users to inject JavaScript code into the 'Modify default Redirect Delay timer' setting, leading to an authenticated Stored Cross-Site Scripting issue, even when the unfiltered html capability is disallowed.

Recommendations For versions prior to 3.4.8, update to version 3.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'Modify default Redirect Delay timer' setting to prevent potential exploitation.