CVE-2021-24495: 
WordPress vulnerability analysis and mitigation

The Marmoset Viewer WordPress plugin before version 1.9.3 contains a reflected Cross-Site Scripting (XSS) vulnerability identified as CVE-2021-24495. The vulnerability was discovered in July 2021 and affects the plugin's handling of the 'id' parameter, which is not properly sanitized, validated, or escaped before being output back in the page (WPScan, MITRE).

The vulnerability exists in the mviewer.php file where the 'id' parameter is processed without proper input validation. The issue was initially patched in version 1.9.2, but a bypass was discovered that worked on versions 1.9.2 and below. The vulnerability has a CVSS score of 7.1 (high) and is classified as CWE-79. Two proof-of-concept exploits were identified: one using SVG-based XSS payload and another utilizing the marmoset.embed function (John Blog).

The vulnerability allows attackers to execute malicious scripts in victims' browsers, potentially leading to cookie theft, credential stealing, and account takeover. Since the browser considers the script as coming from a trusted source, it can access sensitive information including session tokens and other browser-retained data specific to the site (John Blog).

The vulnerability was fully patched in version 1.9.3 of the Marmoset Viewer plugin. The fix included implementing PHP sanitization filters on the 'id' parameter and modifying the marmoset.embed function to use htmlentities PHP function with expanded character sanitization using FilterSanitizeURL function instead of FullSpecialChars (John Blog).