CVE-2021-24685

Name of the Vulnerable Software and Affected Versions Flat Preloader WordPress plugin versions prior to 1.5.4

Description The issue arises from the lack of nonce checks when saving settings and the failure to sanitise and escape them, which could allow attackers to make logged-in admins change settings with a Cross-Site Scripting payload. This payload can be triggered in either the frontend or backend, depending on its nature.

Recommendations For versions prior to 1.5.4, update to version 1.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to minimize the risk of exploitation.