Unauthenticated XSS Vulnerability in File Upload Plugin
CVE-2024-6494
Currently unrated
Summary
The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks.
References
Timeline
Vulnerability published