CVE-2021-24642

Name of the Vulnerable Software and Affected Versions Scroll Baner WordPress plugin versions 1.0 and earlier

Description The issue concerns a lack of CSRF check when saving settings, as well as insufficient sanitisation, escaping, or validation of these settings. This could allow attackers to manipulate logged-in admin users into changing settings, potentially leading to Remote Code Execution (RCE) via file upload or Cross-Site Scripting (XSS).

Recommendations For Scroll Baner WordPress plugin versions 1.0 and earlier, consider disabling the settings saving functionality until a patch is available to prevent potential exploitation. Restrict access to the plugin's settings to minimize the risk of attackers manipulating admin users. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.