CVE-2021-24446: 
WordPress vulnerability analysis and mitigation

The Remove Footer Credit WordPress plugin before version 1.0.6 was identified with CVE-2021-24446. This vulnerability was discovered by researcher apple502j and was publicly disclosed on July 12, 2021. The security issue affects the plugin's settings functionality, specifically related to Cross-Site Request Forgery (CSRF) and potential Stored Cross-Site Scripting (XSS) vulnerabilities (WPScan).

The vulnerability stems from the absence of CSRF protection mechanisms when saving plugin settings, combined with inadequate input sanitization. The issue received a CVSS score of 7.1 (High) and is classified under CWE-352. According to the OWASP Top 10, it falls under the A2: Broken Authentication and Session Management category (WPScan).

The vulnerability could allow attackers to manipulate plugin settings through logged-in administrators and potentially execute stored cross-site scripting attacks. The XSS impact varies depending on the WordPress theme in use, with confirmed testing on the Twenty Twenty theme (WPScan).

The vulnerability was addressed in version 1.0.6 of the Remove Footer Credit plugin, which implemented CSRF protection. However, it's worth noting that the initial fix only removed script tags for XSS protection, leading to a separate authenticated stored XSS issue that required additional patching (WPScan).