PT-2021-16097 · WordPress · Blue Admin
Abisheik M · Published 2021-08-30 · Updated 2023-02-11
CVE-2021-24581
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
The Blue Admin WordPress plugin versions through 21.06.01
Description
The issue is a Stored Cross-Site Scripting vulnerability. The plugin does not sanitise or escape its Logo Title setting before outputting it in a page. Additionally, the plugin lacks a CSRF check when saving its settings, so the stored XSS can also be planted through a CSRF attack against a logged-in administrator.
Recommendations
For versions through 21.06.01, update to a version that addresses the Stored Cross-Site Scripting issue and implements a CSRF check for saving settings. As a temporary workaround, consider disabling the Logo Title setting until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation.
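The two controls the advisory says are missing, shown together as an added example of a hardened WordPress settings handler. This is not the Blue Admin plugin's own code; the option name `example_logo_title`, the nonce action name and the function names are hypothetical placeholders.

```php
<?php
// Added example (not the Blue Admin plugin's code): a "Logo Title" settings
// handler with a CSRF nonce on save and escaping on every output.
// Option, action and function names are hypothetical placeholders.

// Render the settings form. The nonce field ties the POST to this admin session,
// which is what a cross-site forged request cannot supply.
function example_render_logo_title_form() {
    $title = get_option( 'example_logo_title', '' );
    ?>
    <form method="post">
        <?php wp_nonce_field( 'example_save_logo_title', 'example_nonce' ); ?>
        <label for="logo_title">Logo Title</label>
        <!-- Escape for the attribute context: a stored "<script>" is shown as text -->
        <input type="text" id="logo_title" name="logo_title"
               value="<?php echo esc_attr( $title ); ?>">
        <input type="submit" name="example_save" value="Save">
    </form>
    <?php
}

// Handle the save: capability check, then nonce (CSRF) check, then sanitise input.
function example_save_logo_title() {
    if ( ! isset( $_POST['example_save'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // Reject requests that do not carry a valid nonce for this action.
    if ( ! isset( $_POST['example_nonce'] )
        || ! wp_verify_nonce( $_POST['example_nonce'], 'example_save_logo_title' ) ) {
        wp_die( 'Security check failed.' );
    }
    // Strip tags, control characters and WordPress magic-quote slashes before storing.
    $title = sanitize_text_field( wp_unslash( $_POST['logo_title'] ?? '' ) );
    update_option( 'example_logo_title', $title );
}
add_action( 'admin_init', 'example_save_logo_title' );

// Front-end output of the stored value: escape for the HTML text context it lands in.
function example_print_logo_title() {
    echo '<span class="logo-title">' . esc_html( get_option( 'example_logo_title', '' ) ) . '</span>';
}
```

Sanitising on save is a defence in depth measure; the escaping at each output point is what actually prevents the stored value from being interpreted as markup.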
Tags: XSS, CSRF
Affected Products: Blue Admin