CVE-2024-6020

Name of the Vulnerable Software and Affected Versions: Sign-up Sheets WordPress plugin versions prior to 2.2.13

Description: The issue is related to Reflected Cross-Site Scripting. It occurs because the plugin does not properly escape some generated URLs and the $ SERVER['REQUEST URI'] parameter before outputting them back in attributes. This could lead to Reflected Cross-Site Scripting.

Recommendations: For versions prior to 2.2.13, update to version 2.2.13 or later to resolve the issue. As a temporary workaround, consider restricting access to attributes that use generated URLs and the $ SERVER['REQUEST URI'] parameter until a patch is applied.