PT-2021-16127 · WordPress · Keyword Meta Wordpress Plugin
Genubhau Wayal
·
Published
2021-09-06
·
Updated
2021-09-13
·
CVE-2021-24611
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Keyword Meta WordPress plugin versions 3.0 and earlier
Description
The plugin saves its settings without sanitising them and prints them back into the page without escaping, so a stored value containing HTML or script markup is rendered as-is: a Stored Cross-Site Scripting issue. The settings form also performs no CSRF (nonce) check, so an attacker who gets a logged-in high-privilege user, such as an administrator, to open a crafted page can have that user's browser submit arbitrary settings on the attacker's behalf. Chained, the CSRF lets an attacker who cannot otherwise edit the settings plant the XSS payload, which then executes in the browser of any user who views the affected page.
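The following PHP is an added illustration of the two defects and their fixes, written for this page; it is not the Keyword Meta plugin's code. The option name `km_keywords`, the field name, the nonce action `km_save_settings` and the `km_` function names are hypothetical placeholders; the WordPress API calls (`check_admin_referer`, `wp_nonce_field`, `sanitize_text_field`, `esc_attr`, `current_user_can`) are real.

```php
<?php
/*
 * Added illustration, not the Keyword Meta plugin's code.
 * Option name, field name, nonce action and function names are hypothetical.
 */

// ---- Vulnerable pattern: the shape of flaw the advisory describes ----------
function km_vuln_save_settings() {
    if ( ! isset( $_POST['km_keywords'] ) ) {
        return;
    }
    // No capability check and no nonce: a forged POST from a page the admin is
    // viewing is accepted, and the value is stored exactly as submitted.
    update_option( 'km_keywords', $_POST['km_keywords'] );
}

function km_vuln_render_settings_page() {
    $keywords = get_option( 'km_keywords', '' );
    // Unescaped output inside an attribute: a stored value such as
    //   "><script>alert(document.domain)</script>
    // closes the attribute and runs in every browser that opens this page.
    echo '<form method="post">';
    echo '<input type="text" name="km_keywords" value="' . $keywords . '">';
    echo '<input type="submit" value="Save">';
    echo '</form>';
}

// ---- Hardened version ---------------------------------------------------------
function km_safe_save_settings() {
    if ( ! isset( $_POST['km_keywords'] ) ) {
        return;
    }
    // 1. Authorisation: only users allowed to change site options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // 2. CSRF defence: the request must carry the nonce that wp_nonce_field()
    //    printed into the form. check_admin_referer() dies on a missing or
    //    invalid nonce; a cross-site form cannot know the value.
    check_admin_referer( 'km_save_settings', 'km_nonce' );
    // 3. Sanitise on input: wp_unslash() undoes WordPress's added slashes,
    //    sanitize_text_field() strips tags, octets and stray whitespace.
    $keywords = sanitize_text_field( wp_unslash( $_POST['km_keywords'] ) );
    update_option( 'km_keywords', $keywords );
}

function km_safe_render_settings_page() {
    $keywords = get_option( 'km_keywords', '' );
    echo '<form method="post">';
    // Nonce bound to this action name and to the current user's session.
    wp_nonce_field( 'km_save_settings', 'km_nonce' );
    // 4. Escape on output for the HTML-attribute context, regardless of what
    //    was stored (an older, unsanitised value may still be in the database).
    echo '<input type="text" name="km_keywords" value="' . esc_attr( $keywords ) . '">';
    echo '<input type="submit" value="Save">';
    echo '</form>';
}

// Same escaping rule where the setting is emitted on the public site.
function km_safe_print_meta_tag() {
    $keywords = get_option( 'km_keywords', '' );
    if ( '' !== $keywords ) {
        echo '<meta name="keywords" content="' . esc_attr( $keywords ) . '">' . "\n";
    }
}
add_action( 'wp_head', 'km_safe_print_meta_tag' );
```

Step 4 matters even after the input fix: a payload stored before the patch stays in the database until it is overwritten, so escaping on output is what stops it from executing. A plugin that uses the Settings API (`register_setting()` with a `sanitize_callback` and a form posted to `options.php`) gets the nonce and capability checks from core, but must still escape with `esc_attr()`/`esc_html()` wherever it prints the value.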
Recommendations
For versions 3.0 and earlier, update to a release that adds input sanitisation, output escaping and a nonce (CSRF) check on the settings form, as soon as one is available.
Until then, restrict access to the plugin's settings page to trusted administrators, and review the stored settings for injected markup, since a payload saved before a fix is applied remains in the database.
If no patched version is available, deactivate the plugin rather than continue to use it.
Exploit
Fix
XSS
CSRF
Related Identifiers
Affected Products
Keyword Meta Wordpress Plugin