CVE-2024-11272
CVE-2024-11272 affects the WordPress plugin Contact Form & SMTP Plugin for WordPress by PirateForms (versions before 2.6.0). The root cause is lack of sanitization and escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed ...