CVE-2023-4811 WordPress File Upload < 4.23.3 - Author+ Stored Cross-Site Scripting

2023-10-1619:39:16

WPScan

www.cve.org

wordpress

file upload

v4.23.3

stored xss

security issue

0.0004 Low

EPSS

Percentile

14.1%

JSON

The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WordPress File Upload",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.23.3"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/7f9271f2-4de4-4be3-8746-2a3f149eb1d1

0.0004 Low

EPSS

Percentile

14.1%

JSON

Related for CVELIST:CVE-2023-4811