CVE-2021-24789

Name of the Vulnerable Software and Affected Versions: Flat Preloader WordPress plugin versions prior to 1.5.5

Description: The issue allows high privilege users to perform Cross-Site Scripting attacks due to the plugin not escaping some of its settings when outputting them in attributes in the frontend, even when the unfiltered html is disallowed.

Recommendations: For versions prior to 1.5.5, update to version 1.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.