CVE-2021-25034
CVE-2021-25034 affects the WordPress WP User plugin before 7.0. The root cause is lack of sanitisation/escaping of certain parameters in pages using the [wp_user] shortcode, enabling Reflected Cross-Site Scripting (XSS). Public sources (NVD/NVD-derived entries and vendor references) describe a re...