CVE-2024-12467
CVE-2024-12467: Pago por Redsys WordPress plugin has a reflected XSS in Ds_MerchantParameters affecting all versions up to 1.0.12. Exploitation is unauthenticated; user action (e.g., clicking a link) triggers script execution. The issue is addressed in a subsequent release (1.0.13 per changelog),...