CVE-2024-12451
CVE-2024-12451 documents a Stored Cross-Site Scripting (XSS) flaw in the HTML5 chat WordPress plugin (versions up to and including 1.04) via the HTML5CHAT shortcode due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inje...