PT-2021-16063 · WordPress · Jquery Reply To Comment

Prashant Karman Patel · Published 2021-10-25 · Updated 2022-11-09 · CVE-2021-24543

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: jQuery Reply to Comment WordPress plugin versions 1.31 and earlier
Description: The issue is a Stored Cross-Site Scripting vulnerability. It arises because the plugin performs no CSRF check when saving its settings and does not properly sanitise or escape its Quote String and Reply String settings before outputting them in comments.
Recommendations: For jQuery Reply to Comment WordPress plugin versions 1.31 and earlier, consider disabling the plugin until a patch is available to prevent potential exploitation. Restrict access to the settings page to minimize the risk of unauthorized changes. Avoid using the Quote String and Reply String settings in comments until the issue is resolved.
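The two defects the description names (settings saved without a nonce check, and option values echoed into comments unescaped) are shown below as an added illustrative example; this is not the plugin's own code, and the option names, form field names and function names are assumptions. The weak pattern is followed by a hardened one built on WordPress' standard nonce, capability, sanitisation and escaping helpers.

```php
<?php
// Added illustrative example, not code from the jQuery Reply to Comment plugin.
// Option keys, field names and function names are assumed for the demonstration.

// --- Weak pattern (the class of defect the advisory describes) ---
// No nonce or capability check: a forged cross-site POST riding on a logged-in
// administrator's session updates the options. Nothing is sanitised on save and
// nothing is escaped on output, so the stored value renders in every comment.
function jrtc_save_settings_weak() {
    if ( isset( $_POST['jrtc_quote_string'], $_POST['jrtc_reply_string'] ) ) {
        update_option( 'jrtc_quote_string', $_POST['jrtc_quote_string'] );
        update_option( 'jrtc_reply_string', $_POST['jrtc_reply_string'] );
    }
}
function jrtc_render_reply_link_weak( $comment_id ) {
    echo '<a href="#comment-' . $comment_id . '">' . get_option( 'jrtc_reply_string' ) . '</a>';
}

// --- Hardened pattern ---
function jrtc_settings_form() {
    echo '<form method="post">';
    // Nonce field ties the submission to this user's session and to this action.
    wp_nonce_field( 'jrtc_save_settings', 'jrtc_nonce' );
    echo '<input name="jrtc_quote_string" value="' . esc_attr( get_option( 'jrtc_quote_string', 'Quote' ) ) . '">';
    echo '<input name="jrtc_reply_string" value="' . esc_attr( get_option( 'jrtc_reply_string', 'Reply' ) ) . '">';
    echo '<input type="submit" value="Save"></form>';
}
function jrtc_save_settings_hardened() {
    if ( ! isset( $_POST['jrtc_quote_string'], $_POST['jrtc_reply_string'] ) ) {
        return;
    }
    // Capability check plus nonce verification closes the CSRF route into the settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    check_admin_referer( 'jrtc_save_settings', 'jrtc_nonce' );
    // Sanitise on save: sanitize_text_field() strips tags and normalises whitespace.
    update_option( 'jrtc_quote_string', sanitize_text_field( wp_unslash( $_POST['jrtc_quote_string'] ) ) );
    update_option( 'jrtc_reply_string', sanitize_text_field( wp_unslash( $_POST['jrtc_reply_string'] ) ) );
}
function jrtc_render_reply_link_hardened( $comment_id ) {
    // Escape on output as well, so a value that was ever stored unsanitised cannot
    // execute in visitors' browsers (defence in depth alongside sanitising on save).
    echo '<a href="#comment-' . (int) $comment_id . '">' . esc_html( get_option( 'jrtc_reply_string', 'Reply' ) ) . '</a>';
}
```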

XSS · CSRF

Weakness Enumeration

Related Identifiers: CVE-2021-24543

Affected Products: Jquery Reply To Comment