CVE-2024-4756

CVE-2024-4756 affects the WP Backpack WordPress plugin up to version 2.1. Root cause: the plugin does not sanitise/escape certain settings, enabling stored XSS by high-privilege users (e.g., admin) even when unfiltered_html is disallowed (such as multisite). Exploit details are not provided in th...