CVE-2021-24936

Name of the Vulnerable Software and Affected Versions WP Extra File Types versions prior to 0.5.1

Description The issue concerns a lack of CSRF check when saving settings and inadequate sanitization and escaping of certain settings. This could allow attackers to manipulate a logged-in admin into changing settings, potentially leading to Cross-Site Scripting attacks.

Recommendations For versions prior to 0.5.1, update to version 0.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to minimize the risk of exploitation.