CVE-2024-12874
The CVE-2024-12874 entry concerns the WordPress plugin Top Comments, affected up to version 1.0. The issue is caused by insufficient sanitization/escaping of certain settings, enabling Stored XSS by high-privilege admins (e.g., in multisite) even when unfiltered_html is disallowed. Public exploit...