CVE-2024-6712
The CVE-2024-6712 entry concerns the WordPress MapFig Studio plugin (versions ≤ 0.2.1). The root cause is missing CSRF checks in several areas, coupled with insufficient sanitisation and escaping, which could allow an attacker to make a logged-in admin add stored XSS payloads via a CSRF attack. The vulnerability ...