CVE-2021-24494: 
WordPress vulnerability analysis and mitigation

The WP Offload SES Lite WordPress plugin before version 1.4.5 contained a Stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2021-24494. The vulnerability was discovered and publicly disclosed on June 29, 2021, affecting the Activity page of the admin dashboard where certain fields were not properly escaped (WPScan Advisory).

The vulnerability stems from improper neutralization of input during web page generation (CWE-79) in the Activity page of the admin dashboard. Specifically, the email's ID, subject, and recipient fields were not properly escaped. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD Database).

When exploited, this vulnerability allows attackers to execute malicious scripts in the context of a logged-in administrator viewing the Activity tab of the plugin. The impact is particularly significant as it affects the administrative dashboard, potentially compromising the security of the WordPress installation (WPScan Advisory).

The vulnerability has been fixed in version 1.4.5 of the WP Offload SES Lite plugin. Website administrators are strongly advised to update to this version or later to protect against potential XSS attacks (WPScan Advisory).