The vulnerability is a flaw that affects all versions of the plugin up to and including 3.23.4. It stems from insufficient input sanitisation and output escaping on user-supplied attributes within the url parameter of multiple widgets. Vulnerability Breakdown: CVE-2024-5416 Type : Stored Cross-Site Scripting (XSS). CVSS Score : 5.4 (Medium).
The vulnerability could be exploited by passing specially crafted input containing a numeric parameter whose value collided with an alphanumeric parameter's hash value. php 5416 exploit github
Direct GitHub searches for "php 5416 exploit" often yield limited results because: The vulnerability is a flaw that affects all