CVE-2021-24593

Name of the Vulnerable Software and Affected Versions Business Hours Indicator WordPress plugin versions prior to 2.3.5

Description The issue arises from the plugin's failure to sanitise or escape its 'Now closed message' setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue.

Recommendations For versions prior to 2.3.5, update to version 2.3.5 or later to resolve the issue. As a temporary workaround, consider disabling the 'Now closed message' setting until a patch is available. Restrict access to the backend and frontend to minimize the risk of exploitation.