CVE-2021-24444: 
WordPress vulnerability analysis and mitigation

The TaxoPress WordPress plugin (formerly known as Simple Tags) versions before 3.0.7.2 contained a Stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered on June 30, 2021, and was assigned CVE-2021-24444. The issue affected the plugin's taxonomy description field functionality (WPScan).

The vulnerability stems from insufficient sanitization of the Taxonomy description field. This security flaw allows high-privilege users to inject JavaScript payloads into taxonomy descriptions, even when the unfiltered_html capability is disabled. The vulnerability has been assigned a CVSS score of 4.8 (medium severity) and is classified under CWE-79 (WPScan).

When successfully exploited, this vulnerability allows authenticated users with high privileges to store and execute arbitrary JavaScript code on the website. When other users view the affected taxonomy pages, the malicious JavaScript code executes in their browsers, potentially leading to various attacks including cookie theft, session hijacking, or other malicious actions (WPScan).

The vulnerability was patched in version 3.0.7.2 of the TaxoPress plugin. Website administrators are advised to update to this version or later to protect against this security issue (WPScan).