CVE-2021-25038

Name of the Vulnerable Software and Affected Versions WordPress Multisite User Sync/Unsync WordPress plugin versions prior to 2.1.2

Description The issue concerns Reflected Cross-Site Scripting, where the wmus source blog and wmus record per page parameters are not properly sanitised and escaped before being outputted back in attributes. This can lead to security issues.

Recommendations For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the parameters wmus source blog and wmus record per page to minimize the risk of exploitation.