CVE-2021-39344

Name of the Vulnerable Software and Affected Versions KJM Admin Notices versions up to and including 2.0.1

Description The issue is related to insufficient input validation and sanitization via several parameters found in the ~/admin/class-kjm-admin-notices-admin.php file, allowing attackers with administrative user access to inject arbitrary web scripts. This affects multi-site installations where unfiltered html is disabled for administrators, and sites where unfiltered html is disabled.

Recommendations For versions up to and including 2.0.1, consider disabling the ~/admin/class-kjm-admin-notices-admin.php file or restricting access to it until a patch is available. Additionally, enabling unfiltered html for administrators may help mitigate the risk, but this should be done with caution and careful consideration of the potential security implications. At the moment, there is no information about a newer version that contains a fix for this vulnerability.