2 matches found
CVE-2024-6494 WordPress File Upload < 4.24.8 - Unauthenticated Stored XSS
The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting XSS attacks...
WordPress WordPress File Upload Plugin < 4.24.8 is vulnerable to Cross Site Scripting (XSS)
Software WordPress File Upload Type Plugin Vulnerable versions 4.24.8 Fixed in 4.24.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6494 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 71728d9c7064 Credits Majdeddine B...