CVE-2021-24714: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2021-24714 affects the Import any XML or CSV File to WordPress plugin (WP All Import) versions before 3.6.3. The vulnerability was discovered by Huy Nguyen and was publicly disclosed on November 2, 2021. This security issue involves improper escaping of the Import's Title and Unique Identifier fields in admin pages (WPScan).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue, identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It received a CVSS v3.1 base score of 4.8 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, and a CVSS v2.0 score of 3.5 (LOW) (NVD).

The vulnerability allows high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed. This could potentially lead to unauthorized script execution in the context of other administrative users' sessions (WPScan).

The vulnerability has been fixed in version 3.6.3 of the WP All Import plugin. Users should update to this version or later to mitigate the security risk. It's worth noting that version 3.6.2 partially fixed the XSS issue when running the import but did not address the vulnerability in the preview functionality (WPScan).