CVE-2024-13898

Name of the Vulnerable Software and Affected Versions Simple Banner plugin for WordPress versions up to and including 3.0.5

Description The issue allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, due to insufficient input sanitization and output escaping in the admin settings. This affects multi-site installations and installations where unfiltered html has been disabled.

Recommendations For Simple Banner plugin for WordPress versions up to and including 3.0.5, update to a version later than 3.0.5 to resolve the issue. As a temporary workaround, consider restricting access to the admin settings to minimize the risk of exploitation. Additionally, enabling unfiltered html, if possible, may also mitigate the risk, but this should be done with caution and careful consideration of the potential security implications.