CVE-2021-24994

Name of the Vulnerable Software and Affected Versions Migration, Backup, Staging WordPress plugin versions prior to 0.9.69

Description The issue concerns a Stored Cross-Site Scripting problem. It arises due to the lack of authorisation when adding remote storages and the failure to properly sanitise and escape a parameter from unauthenticated requests before it is outputted on an admin page.

Recommendations For versions prior to 0.9.69, update to version 0.9.69 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin page where the vulnerable parameter is outputted to minimize the risk of exploitation. Avoid using the vulnerable parameter in unauthenticated requests until the issue is resolved.