CVE-2021-24274: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2021-24274 is a Reflected Cross-Site Scripting (XSS) issue affecting the WordPress plugin Ultimate Maps by Supsystic versions prior to 1.2.5. The vulnerability was discovered and publicly disclosed on April 19, 2021. This security flaw affects the plugin's options page functionality (WPScan).

The vulnerability stems from improper sanitization of the 'tab' parameter in the plugin's options page. When this parameter is processed, its value is directly output in an HTML attribute without proper sanitization, enabling a reflected XSS attack. The vulnerability has been assigned a CVSS score of 7.1 (High) and is classified under CWE-79 (Cross-Site Scripting) (WPScan).

The vulnerability allows attackers to execute arbitrary JavaScript code in the context of the victim's browser session. This could potentially lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the authenticated user's session (WPScan).

The vulnerability has been patched in version 1.2.5 of the Ultimate Maps by Supsystic plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).