CVE-2021-24287: 
WordPress vulnerability analysis and mitigation

CVE-2021-24287 is a reflected Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin 'Select All Categories and Taxonomies' versions prior to 1.3.2. The vulnerability was discovered and publicly disclosed on April 23, 2021. The affected plugin failed to properly sanitize user input in its settings page (WPScan).

The vulnerability exists in the plugin's settings page where the 'tab' parameter is not properly sanitized before being output back to the user. This allows for potential cross-site scripting attacks. The vulnerability has been assigned a CVSS score of 7.1 (High) and is classified under CWE-79. The issue specifically affects the plugin's admin interface at the path '/wp-admin/options-general.php' (WPScan).

If exploited, this vulnerability could allow attackers to execute arbitrary JavaScript code in the context of other users' browsers who visit the affected admin page. This could potentially lead to theft of sensitive information or unauthorized actions performed on behalf of the administrator (WPScan).

The vulnerability has been fixed in version 1.3.2 of the Select All Categories and Taxonomies plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).