CVE-2024-12873
The CVE-2024-12873 entry concerns the WordPress plugin Custom Field Manager (versions up to 1.0). The root cause is that the plugin does not sanitize and escape a parameter before echoing it back in the page, producing a reflected XSS. Impact is described as enabling script execution in admin or ...