CVE-2024-1806
The CVE-2024-1806 entry concerns the ProfilePress (Paid Membership Plugin) for WordPress. A stored XSS flaw exists in all versions up to 4.15.1 caused by insufficient input sanitization and output escaping on user-supplied attributes within the plugin’s shortcodes. Exploitation requires an attack...