CVE-2021-39356

Name of the Vulnerable Software and Affected Versions: Content Staging WordPress plugin versions up to and including 2.0.1

Description: The issue is due to insufficient input validation and escaping via several parameters that are echoed out via the ~/templates/settings.php file. This allows attackers with administrative user access to inject arbitrary web scripts. The problem affects multi-site installations where unfiltered html is disabled for administrators, and sites where unfiltered html is disabled.

Recommendations: For versions up to and including 2.0.1, update to a version higher than 2.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the ~/templates/settings.php file and ensuring proper input validation and escaping for all parameters. Additionally, enabling unfiltered html for administrators in multi-site installations may help mitigate the risk, but this should be done with caution and careful consideration of the potential security implications.