CVE-2024-5600

Name of the Vulnerable Software and Affected Versions The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress versions prior to 1.3.11

Description The issue is related to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import settings() function. This allows authenticated attackers with Subscriber-level access and above to inject malicious web scripts.

Recommendations For versions up to and including 1.3.10, update to a version newer than 1.3.10 to resolve the issue. As a temporary workaround, consider restricting access to the import settings() function until a patch is available.