Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as authors to perform Stored Cross-Site Scripting attacks.
1. Add the following shortcode to a post: [wordpress_file_upload redirect="true" redirectlink="javascript:alert(1)"]
2. Upload any file on the resulting post.
3. After the upload completes, you will see the XSS alert in the browser.
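
The missing check, sketched as an added example (not the plugin's code): a scheme allowlist applied to a redirect target such as the `redirectlink` value before the browser navigates to it. It assumes the redirect is carried out client-side after the upload; `safeRedirectTarget`, `ALLOWED_PROTOCOLS` and the `https://blog.example` origin are hypothetical names and constructed values.

```javascript
// Added example: validate a redirect target before navigating to it.
// Only http(s) destinations are accepted; everything else is refused.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

/**
 * Return a normalised absolute URL if `link` is safe to navigate to,
 * otherwise null. Parsing uses the WHATWG URL parser, the same algorithm
 * browsers apply, so the scheme is judged exactly as the browser sees it
 * (case-folded, surrounding whitespace ignored) rather than by string prefix.
 */
function safeRedirectTarget(link, pageOrigin, { sameOriginOnly = false } = {}) {
  if (typeof link !== "string" || link.trim() === "") return null;
  let url;
  try {
    url = new URL(link, pageOrigin); // relative links resolve against the page
  } catch {
    return null; // unparseable input is rejected, never passed through
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null; // javascript:, data:, ...
  if (url.username || url.password) return null; // no embedded credentials
  if (sameOriginOnly && url.origin !== new URL(pageOrigin).origin) return null;
  return url.href;
}

// Constructed sample inputs (hypothetical site origin).
const PAGE_ORIGIN = "https://blog.example";
const samples = [
  "javascript:alert(1)",       // the value from the steps above
  " JavaScript:alert(1)",      // same scheme, different spelling
  "/thank-you",                // relative path on the same site
  "https://example.org/done",  // absolute http(s) URL
];

function report() {
  return samples.map((s) => [s, safeRedirectTarget(s, PAGE_ORIGIN)]);
}

for (const [input, result] of report()) {
  console.log(JSON.stringify(input), "->", result ?? "rejected");
}
```

Validation decides whether the value may be used at all; the accepted URL still needs context-appropriate escaping wherever it is written into HTML or script.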