CVE-2021-24564

Name of the Vulnerable Software and Affected Versions WPFront Scroll Top WordPress plugin versions prior to 2.0.6.07225

Description The issue arises from the plugin's failure to sanitise or escape its Image ALT setting before outputting it as attributes, leading to an Authenticated Stored Cross-Site Scripting issue. This occurs even when the unfiltered html capability is disallowed.

Recommendations For versions prior to 2.0.6.07225, update to version 2.0.6.07225 or later to resolve the issue. As a temporary workaround, consider disabling the Image ALT setting until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation. Avoid using the Image ALT setting in the affected plugin until the issue is resolved.