CVE-2021-29467

Name of the Vulnerable Software and Affected Versions: Wrongthink versions prior to 2.4.1

Description: The issue allows a user to run arbitrary JavaScript on the site by entering a script. This is possible because a user could check their fingerprint into the service. There is no information available about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations: For versions prior to 2.4.1, update to version 2.4.1 to resolve the issue. As a temporary workaround, consider restricting the ability to enter scripts into the service until the patch is applied.