CVE-2021-24850

Name of the Vulnerable Software and Affected Versions: Insert Pages WordPress plugin versions prior to 3.7.0

Description: The issue allows users with a role as low as Contributor to perform Cross-Site Scripting attacks. This is achieved by storing payloads in another post's custom fields, which can then be printed out using a shortcode. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations: For versions prior to 3.7.0, update to version 3.7.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the shortcode that prints out other pages' content and custom fields to minimize the risk of exploitation. Additionally, restrict access to custom fields for users with low roles, such as Contributor, until the issue is resolved.