cleantalk
Vulnerabilities and Security Researches

WordPress File Upload, CVE-2024-6494

CVE, Research URL

CVE-2024-6494

Home page URL

Security reports for WordPress File Upload

Application

WordPress File Upload

Published on
Aug 07, 2024
Research Description
The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks.
Affected versions
Min -, max 4.24.8.
Status
vulnerable
Previous vulnerability researches
Multisite Post Duplicator (CVE-2016-10944) , Jun 07, 2024
New vulnerability
TablePress – Tables in WordPress made easy (CVE-2024-45293) , May 07, 2025
Newsletter – Send awesome emails from WordPress (CVE-2025-3583) , May 07, 2025
Insert PHP Code Snippet (CVE-2024-43275) , May 07, 2025
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor (CVE-2024-38785) , May 07, 2025
Section Widget (CVE-2025-46537) , May 07, 2025