Contributor+ Stored Cross-Site Scripting (XSS) via Shortcode vulnerability discovered by apple502j in WordPress File Upload plugin (versions <= 4.16.2).
Update the WordPress File Upload plugin to the latest available version (at least 4.16.3).