CVE-2021-24558

Name of the Vulnerable Software and Affected Versions Project Status WordPress plugin versions 1.6 and earlier

Description The issue arises from the pspin duplicate post save as new post function not sanitizing, validating, or escaping the post GET parameter before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue.

Recommendations For Project Status WordPress plugin versions 1.6 and earlier, consider disabling the pspin duplicate post save as new post function until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.