WordPress File Upload, CVE-2023-4811

CVE, Research URL: CVE-2023-4811
Home page URL: Security reports for WordPress File Upload
Application: WordPress File Upload
Published on: Oct 17, 2023
Research Description: The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.
Affected versions: Min -, max 4.24.1.
Status: vulnerable