CVE-2021-24428
The CVE-2021-24428 entry describes an Authenticated Stored XSS in the WordPress plugin “RSS for Yandex Turbo” (versions up to 1.30). The underlying issue is failure to sanitize/escape certain settings when saving and displaying them in the admin dashboard, enabling script execution even when unfi...