CVE-2024-3972

Name of the Vulnerable Software and Affected Versions Similarity WordPress plugin versions through 3.0

Description The issue is related to the lack of CSRF check in some places, and missing sanitisation as well as escaping, which could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack.

Recommendations For versions through 3.0, update to a version that includes the necessary CSRF checks and proper sanitisation and escaping to prevent Stored XSS payloads from being added. As a temporary workaround, consider restricting access to areas of the plugin where admins can add content to minimize the risk of exploitation.