CVE-2024-13221

Name of the Vulnerable Software and Affected Versions Fantastic ElasticSearch WordPress plugin versions 4.1.0 and earlier

Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitized and escaped before being outputted back in the page. This could be exploited against high-privilege users, such as administrators.

Recommendations For versions 4.1.0 and earlier, update to a version that properly sanitizes and escapes parameters before outputting them back in the page. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.