CVE-2024-9836
The CVE-2024-9836 entry describes a stored XSS flaw in the WordPress RSS Feed Widget plugin, affecting versions prior to 3.0.0. The root cause is failure to validate and escape certain shortcode attributes before echoing them in posts/pages where the shortcode is used, enabling attackers with con...