CVE-2024-6478

Name of the Vulnerable Software and Affected Versions: CTT Expresso para WooCommerce WordPress plugin versions prior to 3.2.13

Description: The issue concerns the CTT Expresso para WooCommerce WordPress plugin, where certain settings are not properly sanitised and escaped. This could allow high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks, even in scenarios where the unfiltered html capability is disallowed, like in multisite setups.

Recommendations: For versions prior to 3.2.13, update to version 3.2.13 or later to resolve the issue.