CVE-2023-2684
CVE-2023-2684 affects the WordPress plugin File Renaming on Upload (before 2.5.2). Root cause: the plugin does not sanitize and escape certain settings, enabling stored cross-site scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Impact is...