CVE-2023-0605

The CVE-2023-0605 entry concerns the WordPress plugin Auto Rename Media On Upload, versions before 1.1.0. The issue is that the plugin does not sanitize and escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in mul...