CVE-2024-9896 BBP Core – Expand bbPress powered forums with useful features <= 1.2.5 - Reflected Cross-Site Scripting via add_query_arg Parameter
The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated...