CVE-2024-13501
CVE-2024-13501 affects the WordPress WP-FormAssembly plugin. It enables Stored Cross-Site Scripting via the plugin’s shortcodes (formassembly) in all versions up to 2.0.11 due to insufficient input sanitization and output escaping on user-supplied attributes. The impact is that authenticated atta...