CVE-2024-12717

Name of the Vulnerable Software and Affected Versions Aklamator INfeed WordPress plugin versions through 2.0.0

Description The issue concerns the Aklamator INfeed WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup.

Recommendations For Aklamator INfeed WordPress plugin versions through 2.0.0, update to a version that properly sanitises and escapes its settings to prevent Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.