CVE-2021-24518

The CVE describes an authenticated Stored XSS in the WPFront Notification Bar WordPress plugin prior to version 2.0.0.07176. The vulnerability arises because the plugin does not sanitize/escape its Custom CSS setting, allowing high-privilege users (e.g., admins) to inject XSS payloads even when u...