CVE-2021-24971: 
WordPress vulnerability analysis and mitigation

CVE-2021-24971 is a security vulnerability affecting the WordPress plugin WP Responsive Menu versions prior to 3.1.7.1. The vulnerability was discovered by Krzysztof Zając and was publicly disclosed on January 26, 2022. This security issue affects the plugin's AJAX functionality, specifically in the wprliveupdate action, where insufficient security controls were implemented (WPScan).

The vulnerability stems from missing capability and CSRF checks in the wprliveupdate AJAX action, combined with inadequate sanitization and escaping of submitted data. The vulnerability has been classified as a Stored Cross-Site Scripting (XSS) issue, categorized under CWE-79 and OWASP Top 10 A7. It received a CVSS score of 7.4 (High), indicating significant severity (WPScan).

When exploited, this vulnerability allows any authenticated user, including those with subscriber-level access, to modify the plugin's settings and execute Cross-Site Scripting attacks. These attacks can affect all visitors and users on the frontend of the website, potentially compromising the security of the entire site (WPScan).

The vulnerability has been patched in version 3.1.7.1 of the WP Responsive Menu plugin. Site administrators are strongly advised to update to this version or later to protect against potential attacks (WPScan).