CVE-2021-46781: 
WordPress vulnerability analysis and mitigation

The Coming Soon by Supsystic WordPress plugin before version 1.7.6 contains a Reflected Cross-Site Scripting vulnerability identified as CVE-2021-46781. The vulnerability was discovered in 2021 and publicly disclosed on May 24, 2021. The issue affects the plugin's admin dashboard functionality where the tab parameter is not properly sanitized and escaped before being output (WPScan).

The vulnerability stems from improper neutralization of input during web page generation in the admin dashboard. Specifically, the tab parameter is neither sanitized nor escaped before being output back in an attribute, leading to a Reflected Cross-Site Scripting condition. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The issue is classified under CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

If successfully exploited, this vulnerability allows attackers to inject malicious web scripts that execute when users access the affected admin dashboard pages. The impact is considered medium severity as it requires user interaction and can lead to unauthorized access to sensitive information or potential manipulation of the admin interface (WPScan).

The vulnerability has been fixed in version 1.7.6 of the Coming Soon by Supsystic plugin. Users are advised to update to this version or later to protect against this security issue (WPScan).