CVE-2021-24646

CVE-2021-24646

The Booking.com Banner Creator WordPress plugin through 1.4.2 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Source: CVE-2021-24646