CVE-2024-10939
CVE-2024-10939 affects the Image Widget WordPress plugin prior to 4.4.11. The flaw is improper sanitization/escaping of certain Image Widget settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite setups). Red Hat, NVD/NIS...