CVE-2021-24954

Name of the Vulnerable Software and Affected Versions: User Registration, Login Form, User Profile & Membership WordPress plugin versions prior to 3.2.3

Description: The issue arises from the failure to sanitise and escape the ppress cc data parameter before outputting it back in an attribute of an admin dashboard page, leading to a Reflected Cross-Site Scripting issue.

Recommendations: For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin dashboard page where the ppress cc data parameter is outputted to minimize the risk of exploitation.