wordpress is vulnerable to unrestricted file upload. The MIME type of a file upload is not validated to match its file contents and extension, which would allow a remote attacker to upload a malicious file to perform cross-site scripting attacks.
CPE | Name | Operator | Version |
---|---|---|---|
johnpbloch/wordpress-core | eq | 5.0.0 | |
johnpbloch/wordpress-core | le | 4.9.8 |