PT-2021-23597 · WordPress · Asgaros Forum

Published 2021-11-29 · Updated 2021-12-01 · CVE-2021-42365

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Asgaros Forum WordPress plugin, versions up to and including 1.15.13.

Description: The issue is a Stored Cross-Site Scripting vulnerability caused by insufficient escaping of the name parameter in the ~/admin/tables/admin-structure-table.php file. It allows attackers with administrative user access to inject arbitrary web scripts. The issue affects multi-site installations where the unfiltered_html capability is disabled for administrators, and single-site installations where unfiltered_html is disabled.

Recommendations: For versions up to and including 1.15.13, update to a version higher than 1.15.13 to resolve the issue. As a temporary workaround, consider restricting access to the ~/admin/tables/admin-structure-table.php file or disabling the name parameter to minimize the risk of exploitation. Additionally, enabling unfiltered_html for administrators in multi-site installations, or on sites where it is currently disabled, may also mitigate the risk.
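To make the "insufficient escaping" in the description concrete, the following is an added illustration (not code from the Asgaros Forum plugin) of the output pattern that produces this class of stored XSS beside its hardened form. It assumes a hypothetical admin table that prints a stored forum name; esc_html() is WordPress's real output-escaping function, with a fallback defined only so the snippet runs outside WordPress. The function and variable names are assumptions.

```php
<?php
// Added example, not the plugin's own code. Compares an unescaped print of a
// stored "name" value with one escaped at output time via esc_html().

// Fallback so the snippet runs outside WordPress. Inside WordPress the real
// esc_html() already exists and this branch is skipped.
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Constructed sample row, as if read back from the forum structure table.
// The value carries markup so the difference between the two renderers is visible.
$forum = ['name' => 'Off-topic <script>alert(1)</script>'];

// Vulnerable pattern (hypothetical): the stored name is concatenated into the
// HTML as-is, so any markup saved into the field is rendered and executed for
// every user who views the table, regardless of the unfiltered_html capability.
function render_name_vulnerable(array $forum): string {
    return '<td>' . $forum['name'] . '</td>';
}

// Hardened pattern: escape at the point of output. The stored value is shown
// literally, which is the fix a "higher than 1.15.13" release would apply.
function render_name_escaped(array $forum): string {
    return '<td>' . esc_html($forum['name']) . '</td>';
}

// Simple check a reviewer can run: the escaped output must not contain a raw '<'
// from the untrusted value.
function is_safely_escaped(string $html, string $untrusted): bool {
    return strpos($html, $untrusted) === false;
}

echo render_name_vulnerable($forum), PHP_EOL;
echo render_name_escaped($forum), PHP_EOL;
var_dump(is_safely_escaped(render_name_vulnerable($forum), $forum['name'])); // false
var_dump(is_safely_escaped(render_name_escaped($forum), $forum['name']));    // true
```

The defensive point is that escaping belongs at output, not at input: filtering what an administrator may save (which is what unfiltered_html controls) does not protect a template that prints stored values raw.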

Fix

XSS


Weakness Enumeration

Related Identifiers: CVE-2021-42365

Affected Products: Asgaros Forum