CVE-2021-4252

Name of the Vulnerable Software and Affected Versions WP-Ban (affected versions not specified)

Description A problematic issue has been found in WP-Ban, affecting the toggle checkbox function of the file ban-options.php. The manipulation of the argument $ SERVER["HTTP USER AGENT"] leads to cross-site scripting. The attack may be initiated remotely.

Recommendations To fix this issue, it is recommended to apply a patch. The name of the patch is 13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76. As a temporary workaround, consider disabling the toggle checkbox function until a patch is available. Restrict access to the ban-options.php file to minimize the risk of exploitation. Avoid using the $ SERVER["HTTP USER AGENT"] argument in the affected function until the issue is resolved.