CVE-2021-24670
CVE-2021-24670 affects the CoolClock WordPress plugin prior to version 4.3.5. The root cause is failure to properly escape some shortcode attributes, enabling Stored Cross-Site Scripting (XSS) by users with as low as Contributor role. Impact is client-side code execution through crafted shortcode...