CVE-2021-24902
The CVE-2021-24902 entry concerns the WordPress Typebot plugin (before 1.4.3). The root cause is failure to sanitize and escape the Publish ID setting, enabling stored Cross-Site Scripting (XSS) by admin+ users even when unfiltered_html is disallowed. Affected component: Publish ID handling in th...