CVE-2024-49266

Name of the Vulnerable Software and Affected Versions WP-Spreadplugin versions prior to 4.8.9

Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS) or Stored XSS. This problem occurs because of inadequate input validation, allowing malicious scripts to be stored and executed.

Recommendations For versions prior to 4.8.9, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the plugin's functionality until a patch is available.