CVE-2024-10260
The Tripetto WordPress plugin is vulnerable to unauthenticated Stored Cross-Site Scripting via file uploads. Affected versions include up to 8.0.3 (per CVE) and up to 8.0.11 (per PatchStack evidence); the issue is caused by insufficient input sanitization and output escaping. Exploitation would a...