CVE-2024-8656
The WPFactory Helper plugin for WordPress is affected by CVE-2024-8656: Reflected Cross‑Site Scripting in all versions up to and including 1.7.0 due to insufficient escaping in add_query_arg. This allows unauthenticated attackers to inject scripts in pages triggered by user actions. Patch: update...