CVE-2024-9449
CVE-2024-9449 affects the WordPress Auto iFrame plugin (versions ≤ 1.7). It is a Stored XSS via the tag parameter due to insufficient input sanitization/output escaping, exploitable by authenticated users with Author-level access or higher to inject scripts on pages. A fix is available in version...