PT-2021-20122 · Jpress · Jpress

Ghost · Published 2021-06-18 · Updated 2021-06-21 · CVE-2021-33347

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

JPress versions 3.3.0 and below

Description

An issue was discovered in the template module and the tag management module, leading to XSS vulnerabilities. If a user logs in to the admin back end using a weak password, a stored XSS vulnerability can occur.

Recommendations

For JPress versions 3.3.0 and below, consider updating to a newer version to mitigate the risk. At the moment, there is no information about which newer version contains a fix for this vulnerability. As a temporary workaround, restrict access to the template module and the tag management module to minimize the risk of exploitation, and ensure strong passwords are used for back-end login to reduce the likelihood of stored XSS.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-33347

Affected Products

Jpress