CVE-2021-24342
CVE-2021-24342 affects the WordPress JNews theme prior to version 8.0.6. The issue is a reflected XSS caused by the cat_id parameter not being sanitized in POST requests to /?ajax-request=jnews with action=jnews_build_mega_category_*. Proof/notes in connected docs show an example payload injectin...