Stored Cross-Site Scripting Vulnerability in LuckyWP Table of Contents Plugin
CVE-2024-9641
Currently unrated
What is CVE-2024-9641?
The LuckyWP Table of Contents plugin for WordPress, prior to version 2.1.7, does not adequately sanitize and escape certain settings. This potentially allows users with high privileges, such as administrators, to conduct Stored Cross-Site Scripting (XSS) attacks. This is particularly concerning in configurations where the 'unfiltered_html' capability is restricted, such as in multisite environments. If the vulnerability is not addressed, malicious scripts may be executed, compromising the security of affected WordPress installations.
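
The general pattern that prevents this class of bug in a WordPress settings page, as an added example (not the LuckyWP Table of Contents code or its actual patch): filter settings at save time according to the 'unfiltered_html' capability rather than the user's role, and escape stored values when they are rendered. The option name, field names and function names below are hypothetical.

```php
<?php
// Added illustration for a hypothetical plugin; not LuckyWP Table of Contents code.
// Assumed names: option 'example_toc_settings', fields 'title' and 'header_html'.

add_action( 'admin_init', function () {
    register_setting( 'example_toc_group', 'example_toc_settings', array(
        'type'              => 'array',
        'sanitize_callback' => 'example_toc_sanitize_settings',
    ) );
} );

// Sanitize on save: never assume that the user saving settings may post raw HTML.
function example_toc_sanitize_settings( $input ) {
    $input = is_array( $input ) ? $input : array();
    $clean = array();

    // Plain-text field: strip tags and control characters.
    $clean['title'] = sanitize_text_field( isset( $input['title'] ) ? $input['title'] : '' );

    // Field that legitimately accepts markup: keep it raw only for users who
    // hold 'unfiltered_html'; otherwise reduce it to the post-content allowlist.
    $html = isset( $input['header_html'] ) ? (string) $input['header_html'] : '';
    $clean['header_html'] = current_user_can( 'unfiltered_html' ) ? $html : wp_kses_post( $html );

    return $clean;
}

// Render the stored settings on the front end.
function example_toc_render_header() {
    $settings = wp_parse_args( get_option( 'example_toc_settings', array() ), array(
        'title'       => '',
        'header_html' => '',
    ) );

    // Vulnerable form (stored value echoed as-is):
    //   echo '<div class="toc-title">' . $settings['title'] . '</div>';

    // Hardened form: escape the plain-text value for each output context.
    printf(
        '<div class="toc-title" title="%1$s">%2$s</div>',
        esc_attr( $settings['title'] ),
        esc_html( $settings['title'] )
    );

    // The markup field was filtered at save time according to the saver's capability.
    echo $settings['header_html'];
}
```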