AI Score
Confidence
High
EPSS
Percentile
9.5%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks.
[
{
"vendor": "Unknown",
"product": "WordPress File Upload",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "4.24.8"
}
],
"defaultStatus": "unaffected"
}
]
[
{
"cpes": [
"cpe:2.3:a:wordpress_file_upload_project:wordpress_file_upload:*:-:-:*:-:wordpress:*:*"
],
"vendor": "wordpress_file_upload_project",
"product": "wordpress_file_upload",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "4.24.8",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]