CVE-2023-2600
CVE-2023-2600 concerns the WordPress plugin Custom Base Terms prior to version 1.0.3, where certain settings aren’t sanitized or escaped. This can enable stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). The NVD entry assigns CVSS 3.1: AV...