CVE-2021-24423: 
WordPress vulnerability analysis and mitigation

CVE-2021-24423 affects the UpdraftPlus WordPress Backup Plugin versions before 1.6.59. The vulnerability was discovered and publicly disclosed on May 9, 2021. This security issue affects WordPress installations that have the UpdraftPlus plugin installed (WPScan).

The vulnerability is a Stored Cross-Site Scripting (XSS) issue that occurs because the plugin does not properly sanitize its updraft_service settings. This allows high-privilege users to inject malicious JavaScript payloads into the settings. The vulnerability has been assigned a CVSS score of 3.4 (low severity) and is classified under CWE-79 (Cross-Site Scripting) (WPScan, CVE Mitre).

The vulnerability allows authenticated users with high privileges to store and execute malicious JavaScript code in the plugin's settings. When triggered, this could potentially lead to client-side attacks against other administrative users accessing the affected pages (WPScan).

The vulnerability has been fixed in UpdraftPlus version 1.6.59. Website administrators are advised to update to this version or later to mitigate the risk (WPScan).