CVE-2021-24517

Name of the Vulnerable Software and Affected Versions The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin versions prior to 2021.18

Description The issue allows high privilege users, such as admins, to set Cross-Site Scripting payloads in some settings, even when the unfiltered html capability is disallowed. This is due to the plugin not escaping some of its settings.

Recommendations For versions prior to 2021.18, update to version 2021.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings for high privilege users until the update is applied.