CVE-2021-34656

Name of the Vulnerable Software and Affected Versions: 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress plugin versions up to and including 5.2.7

Description: The issue allows attackers to inject arbitrary web scripts via the vws notice function found in the ~/inc/requirements.php file, enabling Reflected Cross-Site Scripting attacks. This function is vulnerable to injecting malicious scripts, posing a risk to users.

Recommendations: For versions up to and including 5.2.7, update to a version later than 5.2.7 to resolve the issue. As a temporary workaround, consider disabling the vws notice function until a patch is available.