Lucene search
China National Vulnerability DatabaseCNVD-2023-04631HistoryMar 09, 2022 - 12:00 a.m.
WordPress File Upload plugin cross-site scripting vulnerability (CNVD-2023-04631)
2022-03-0900:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
wordpress
file upload
cross-site scripting
vulnerability
cnvd-2023-04631
php
blogging platform
plugin
svg files
attackers
contributors
permissions
EPSS
0.001
Percentile
21.4%
WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. Cross-site scripting vulnerability exists in versions of WordPress File Upload plugin prior to 4.16.3, which stems from the plugin allowing users with permissions as low as Contributor The vulnerability is caused by the plugin allowing users with permissions as low as Contributor to upload SVG files, which can be exploited by attackers to perform cross-site scripting attacks.
Related
wpexploit
wpexploit
patchstack
patchstack
nvd
nvd
CVE-2021-24960
2022-03-07 09:15:08
prion
prion
Cross site scripting
2022-03-07 09:15:00
wpvulndb
wpvulndb
cvelist
cvelist
cve
cve
CVE-2021-24960
2022-03-07 09:15:08