2 matches found
WordPress Beauty theme <= 1.1.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via tpl_featured_cat_id Parameter vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via tpl_featured_cat_id Parameter vulnerability discovered by Francesco Carlucci in WordPress Theme Beauty versions <= 1.1.4...
PT-2024-37221 · WordPress · The Beauty Theme
Name of the Vulnerable Software and Affected Versions: The Beauty theme for WordPress versions up to, and including, 1.1.4 Description: The issue is related to Stored Cross-Site Scripting via the tpl_featured_cat_id parameter due to insufficient input sanitization and output escaping. This allows...