CVE-2024-8243

Name of the Vulnerable Software and Affected Versions: WordPress/Plugin Upgrade Time Out Plugin version 1.0

Description: The issue concerns a lack of CSRF check in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack.

Recommendations: For version 1.0, consider disabling the plugin until a patch is available to prevent potential exploitation. Restrict access to the plugin's functionality to minimize the risk of Stored XSS payloads being added by attackers. Avoid using the plugin's features that are missing CSRF checks, sanitization, and escaping until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.