CVE-2024-10815
CVE-2024-10815 pertains to the PostLists WordPress plugin (up to 2.0.2). The issue arises because the plugin does not escape the $_SERVER['REQUEST_URI'] value before echoing it into an HTML attribute, enabling a Reflected XSS in older browsers. Affected plugin: PostLists (WordPress). Root cause: ...