CVE-2024-6929
CVE-2024-6929 affects the WordPress Dynamic Featured Image plugin (≤ 3.7.0). It enables Stored XSS via the dfiFeatured parameter, exploitable by authenticated users with Contributor-level access or higher. Multiple connected sources confirm the vulnerability and indicate the issue remains unpatch...