CVE-2021-24516

Name of the Vulnerable Software and Affected Versions PlanSo Forms WordPress plugin versions 2.6.3 and earlier

Description The issue allows high privilege users, such as admins, to set an XSS payload in the title of a form, leading to an Authenticated Stored Cross-Site Scripting issue, even when the unfiltered html is disallowed. This occurs because the title of the form is not properly escaped before being outputted in attributes.

Recommendations For PlanSo Forms WordPress plugin versions 2.6.3 and earlier, update to a version later than 2.6.3 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.