4 matches found
CVE-2023-0605
creationtimestamp| type| source ---|---|--- 2023-04-10 18:35:58+00:00| seen| https://t.me/cibsecurity/61759...
CVE-2023-0605
The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-0605 Auto Rename Media On Upload < 1.1.0 - Admin+ Stored XSS
The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-0605
The CVE-2023-0605 entry concerns the WordPress plugin Auto Rename Media On Upload, versions before 1.1.0. The issue is that the plugin does not sanitize and escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in mul...