CVE-2021-24605
The CVE-2021-24605 entry concerns the WordPress plugin Custom Post View Generator (versions up to 0.4.6). The underlying issue is that the create_post_page AJAX action does not sanitize or escape user input before echoing it in the response, causing a Reflected Cross‑Site Scripting (XSS) vulnerab...