CVE-2021-33851

Name of the Vulnerable Software and Affected Versions WordPress (affected versions not specified)

Description A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin or the login page of the WordPress application.

Recommendations For WordPress, consider disabling the "Customize Login Image" Plugin until a patch is available. Restrict access to the login page to minimize the risk of exploitation. Avoid using the vulnerable plugin's features in the Settings Page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.