CVE-2021-24518

Name of the Vulnerable Software and Affected Versions WPFront Notification Bar WordPress plugin versions prior to 2.0.0.07176

Description The issue allows high privilege users, such as admins, to set XSS payload in the Custom CSS setting, leading to an authenticated Stored Cross-Site Scripting issue, even when the unfiltered html capability is disallowed.

Recommendations For versions prior to 2.0.0.07176, update to version 2.0.0.07176 or later to resolve the issue. As a temporary workaround, consider restricting access to the Custom CSS setting to minimize the risk of exploitation.