CVE-2024-13331
CVE-2024-13331 affects the WordPress plugin WP Dream Carousel (versions up to 1.0.1b). The issue is a Reflected Cross‑Site Scripting caused by not sanitising and escaping a parameter before it is echoed in the page. The advisory notes this could be exploited against high‑privilege users (e.g., ad...