CVE-2021-24710: 
WordPress vulnerability analysis and mitigation

The Print-O-Matic WordPress plugin before version 2.0.3 contains a Cross-Site Scripting (XSS) vulnerability identified as CVE-2021-24710. The vulnerability was discovered by Zain Ahmed and publicly disclosed on October 11, 2021. This security issue affects the plugin's settings functionality, specifically impacting WordPress installations using the Print-O-Matic plugin (WPScan).

The vulnerability stems from improper escaping of settings before outputting them in attributes. This security flaw allows high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. The vulnerability has been assigned a CVSS score of 3.5 (low severity) and is classified under CWE-79. The issue specifically affects the 'Pause Before Print' settings of the plugin (WPScan).

When exploited, this vulnerability allows high-privilege users to inject and execute malicious JavaScript code in the context of other users' browsers who access the plugin's settings page. This could potentially lead to unauthorized actions being performed on behalf of the victim users (CVE Mitre).

The vulnerability has been fixed in Print-O-Matic version 2.0.3. Users are strongly advised to update their installations to this version or later to mitigate the security risk (WordPress Plugin).