CVE-2021-24664

The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt