4 matches found
CVE-2023-2684
CVE-2023-2684 affects the WordPress plugin File Renaming on Upload (before 2.5.2). Root cause: the plugin does not sanitize and escape certain settings, enabling stored cross-site scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Impact is...
CVE-2023-2684 File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting
The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2684 File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting
The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress File Renaming on Upload Plugin < 2.5.2 is vulnerable to Cross Site Scripting (XSS)
Software File Renaming on Upload Type Plugin Vulnerable versions 2.5.2 Fixed in 2.5.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2684 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 40dbdf1fdc55 Credits Hao Huynh My Le...