CVE-2021-24539

Name of the Vulnerable Software and Affected Versions Coming Soon, Under Construction & Maintenance Mode By Dazzler WordPress plugin versions prior to 1.6.7

Description The issue arises from the plugin's failure to sanitise or escape its description setting when outputting it in the frontend while the Coming Soon mode is enabled. This occurs even when the unfiltered html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue.

Recommendations For versions prior to 1.6.7, update to version 1.6.7 or later to resolve the issue. As a temporary workaround, consider disabling the Coming Soon mode until a patch is available. Restrict access to the description setting to minimize the risk of exploitation. Avoid using the description setting in the affected plugin until the issue is resolved.