CVE-2021-24676: 
WordPress vulnerability analysis and mitigation

The Better Find and Replace WordPress plugin (versions before 1.2.9) was identified with a Reflected Cross-Site Scripting vulnerability, tracked as CVE-2021-24676. The vulnerability was discovered and reported by security researcher apple502j, and was publicly disclosed on September 6, 2021 (WPScan).

The vulnerability stems from improper input validation where the plugin fails to properly escape the 's' GET parameter before outputting it back in the All Masking Rules page. This security flaw has been classified as CWE-79 and received a CVSS score of 8.8 (High). The vulnerability can be triggered through the WordPress admin panel at the path 'admin.php?page=cs-all-masking-rules' (WPScan).

This Cross-Site Scripting vulnerability could allow attackers to inject malicious scripts that would execute in the context of other users' browsers who access the affected admin page. This could potentially lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the authenticated user (WPScan).

The vulnerability has been fixed in version 1.2.9 of the Better Find and Replace plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).