WordPress < 5.4.2 - Authenticated XSS via Media Files

2020-06-11T00:00:00
ID WPVDB-ID:741D07D1-2476-430A-B82F-E1228A9343A4
Type wpvulndb
Reporter wpvulndb
Modified 2020-06-13T05:00:12

Description

Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.