CVE-2024-8051

Name of the Vulnerable Software and Affected Versions: The Special Feed Items WordPress plugin versions 1.0.1 and earlier

Description: The issue is related to the lack of CSRF checks in some areas of the plugin, as well as missing sanitization and escaping. This could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack.

Recommendations: For versions 1.0.1 and earlier, update to a version that includes proper CSRF checks and sanitization to prevent Stored XSS payloads from being added. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.