CVE-2021-24976: 
WordPress vulnerability analysis and mitigation

The Smart SEO Tool WordPress plugin versions before 3.0.6 contained a Reflected Cross-Site Scripting (XSS) vulnerability identified as CVE-2021-24976. The vulnerability was discovered on December 22, 2021, and affected the plugin's TDK optimization feature (WPScan).

The vulnerability occurs when the TDK optimization setting is enabled, where the plugin fails to properly sanitize and escape the search parameter before outputting it back in an attribute. This security flaw has been assigned a CVSS v3.1 base score of 6.1 (Medium), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

The vulnerability allows attackers to execute cross-site scripting attacks through the search parameter when the TDK optimization setting is enabled. This could potentially lead to the execution of malicious JavaScript code in users' browsers, potentially compromising their interaction with the affected website (WPScan).

The vulnerability has been patched in version 3.0.6 of the Smart SEO Tool plugin. Users are advised to update to this version or later to protect against this security issue (WPScan, WordPress).