CVE-2021-38328

Name of the Vulnerable Software and Affected Versions: Notices WordPress plugin versions up to and including 6.1

Description: The issue concerns a Reflected Cross-Site Scripting vulnerability. It is caused by a reflected $ SERVER["PHP SELF"] value in the ~/notices.php file, allowing attackers to inject arbitrary web scripts.

Recommendations: For versions up to and including 6.1, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the ~/notices.php file until a patch is available.