CVE-2021-34660

Name of the Vulnerable Software and Affected Versions: WP Fusion Lite versions up to and including 3.37.18

Description: The issue allows attackers to inject arbitrary web scripts via the startdate parameter in the ~/includes/admin/logging/class-log-table-list.php file, enabling Reflected Cross-Site Scripting attacks.

Recommendations: For versions up to and including 3.37.18, update to a version later than 3.37.18 to resolve the issue. As a temporary workaround, consider restricting access to the ~/includes/admin/logging/class-log-table-list.php file or avoiding the use of the startdate parameter until a patch is available.