CVE-2021-34631
Summary: CVE-2021-34631 affects the WordPress NewsPlugin (versions ≤ 1.0.18). The issue is a CSRF in the handle_save_style function in ~/news-plugin.php that enables stored XSS by injecting arbitrary web scripts. The in-scope impact includes potential script execution in authenticated contexts; C...