Description

The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as authors to perform Stored Cross-Site Scripting attacks.
1. Add the following shortcode to a post:
[wordpress_file_upload redirect="true" redirectlink="javascript:alert(1)"]
2. Upload any file on the resulting post.
3. After the upload completes, you will see the XSS alert in the browser.
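
A defender-side check for the issue above, as an added example that is not the plugin's own code: it scans post content for `wordpress_file_upload` shortcodes and reports any `redirectlink` value that does not resolve to an http(s) URL. The function names, the `SITE_BASE` placeholder and the sample post are assumptions made for this example.

```javascript
// Assumption: placeholder base used to resolve relative redirect targets.
const SITE_BASE = "https://site.example/";
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// True only if the link parses to an http(s) URL. The WHATWG URL parser
// normalises input the way a browser does (trims leading whitespace, drops
// tabs/newlines, lowercases the scheme), so obfuscated schemes are caught.
function isSafeRedirect(link) {
  try {
    return ALLOWED_SCHEMES.has(new URL(link, SITE_BASE).protocol);
  } catch {
    return false; // unparseable target: reject
  }
}

// Extract name=value attribute pairs from one shortcode body.
function parseAttrs(body) {
  const attrs = {};
  const re = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+))/g;
  for (const m of body.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Return the redirectlink values in `content` that fail the scheme check.
function findUnsafeRedirects(content) {
  const unsafe = [];
  for (const m of content.matchAll(/\[wordpress_file_upload\b([^\]]*)\]/gi)) {
    const link = parseAttrs(m[1]).redirectlink;
    if (link !== undefined && !isSafeRedirect(link)) unsafe.push(link);
  }
  return unsafe;
}

// Constructed sample post content (not taken from a real site).
const samplePost = [
  '[wordpress_file_upload redirect="true" redirectlink="javascript:alert(1)"]',
  '[wordpress_file_upload redirect="true" redirectlink="/thank-you/"]',
  '[wordpress_file_upload redirect="true" redirectlink=" JaVaScRiPt:alert(1)"]',
].join("\n");

console.log(findUnsafeRedirects(samplePost));
```

The same allow-list applies at render time: a redirect target should only be emitted once it has passed a scheme check of this kind.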