CVE-2024-5169

CVE-2024-5169 affects the Video Widget WordPress plugin (versions ≤ 1.2.3). The vulnerability arises from insufficient sanitisation/escaping of widget settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Public‑facing advi...