CVE-2021-24856

Name of the Vulnerable Software and Affected Versions: Shared Files WordPress plugin versions prior to 1.6.61

Description: The issue concerns the Shared Files WordPress plugin, where the Download Counter Text settings are not properly sanitized and escaped. This could allow high-privilege users to perform Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed.

Recommendations: For versions prior to 1.6.61, update to version 1.6.61 or later to resolve the issue. As a temporary workaround, consider restricting access to the Download Counter Text settings to minimize the risk of exploitation.