Unfiltered HTML Settings Vulnerability in Files WordPress Plugin Could Allow Stored XSS Attacks
CVE-2024-10710
Currently unrated
What is CVE-2024-10710?
The YaDisk Files WordPress plugin prior to version 1.2.5 contains a vulnerability where certain settings are not properly sanitized and escaped. This oversight allows users with high privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks, even in environments where the unfiltered_html capability is restricted, such as multisite setups. As a result, an attacker could inject malicious scripts into the application, compromising the integrity and security of the website.