wpexploit | FAIYAZ AHMAD | WPEX-ID:7F9271F2-4DE4-4BE3-8746-2A3F149EB1D1
History: Sep 25, 2023 - 12:00 a.m.

WordPress File Upload < 4.23.3 - Author+ Stored Cross-Site Scripting

Tags: wordpress, file upload, cross-site scripting

EPSS: 0.0004 (Low), percentile 14.1%

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as authors to perform Stored Cross-Site Scripting attacks.

1. Add the following shortcode to a post:

[wordpress_file_upload redirect="true" redirectlink="javascript:alert(1)"]

2. Upload any file on the resulting post.
3. After the upload completes, you will see the XSS alert in the browser.
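
To audit a site for this pattern, stored post content can be checked for shortcodes whose redirectlink is not an http(s) or relative URL. The following is an added example, not code from the plugin or from the original advisory; the function names, the scheme allow-list and the sample posts are assumptions constructed for illustration.

```python
import html
import re

# Captures the attribute string of each [wordpress_file_upload ...] shortcode.
# Assumption: attribute values do not themselves contain "]".
SHORTCODE_RE = re.compile(r"\[wordpress_file_upload\b([^\]]*)\]", re.IGNORECASE)
# redirectlink="..." / '...' / unquoted value
ATTR_RE = re.compile(
    r"""redirectlink\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""", re.IGNORECASE)
ALLOWED_SCHEMES = {"http", "https"}  # assumed policy for redirect targets
SCHEME_RE = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")

def normalise(value):
    """Undo what a browser undoes before it resolves the URL."""
    value = html.unescape(value)                       # entity-encoded content
    value = value.strip("".join(map(chr, range(0x21))))  # C0 controls and space
    return re.sub(r"[\t\r\n]", "", value)              # tab/newline inside URL

def is_safe_redirect(value):
    """True for relative URLs and for schemes on the allow-list."""
    match = SCHEME_RE.match(normalise(value))
    if match is None:
        return True  # no scheme: relative URL
    return match.group(1).lower() in ALLOWED_SCHEMES

def find_risky_shortcodes(posts):
    """Return (post_id, raw redirectlink) for every disallowed scheme found."""
    findings = []
    for post_id, content in posts.items():
        for shortcode in SHORTCODE_RE.finditer(content):
            for attr in ATTR_RE.finditer(shortcode.group(1)):
                raw = next(g for g in attr.groups() if g is not None)
                if not is_safe_redirect(raw):
                    findings.append((post_id, raw))
    return findings

# Constructed sample data: post ID -> post_content, as exported from wp_posts.
SAMPLE_POSTS = {
    101: '[wordpress_file_upload redirect="true" redirectlink="javascript:alert(1)"]',
    102: '[wordpress_file_upload redirect="true" redirectlink="https://example.com/thanks"]',
    103: "[wordpress_file_upload redirect='true' redirectlink=' JaVaScRiPt:alert(1)']",
    104: '[wordpress_file_upload redirect="true" redirectlink="/thank-you/"]',
}

if __name__ == "__main__":
    for post_id, link in find_risky_shortcodes(SAMPLE_POSTS):
        print(f"post {post_id}: redirectlink={link!r}")
```

Any post flagged this way should be reviewed together with the author account that last edited it, and the plugin updated to 4.23.3 or later.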
