CVE-2021-24922

Name of the Vulnerable Software and Affected Versions: Pixel Cat WordPress plugin versions prior to 2.6.2

Description: The issue concerns a lack of CSRF check when saving settings and inadequate sanitization and escaping of certain settings in the Pixel Cat WordPress plugin. This could allow an attacker to manipulate a logged-in admin into changing settings, potentially leading to Cross-Site Scripting attacks.

Recommendations: For versions prior to 2.6.2, update to version 2.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings page to minimize the risk of exploitation.