Vulnerability Description
The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iptanus | Wordpress File Upload | < 4.16.3 |
| Iptanus | Wordpress File Upload Pro | < 4.16.3 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/2677722PatchThird Party Advisory
- https://wpscan.com/vulnerability/c911bbbd-0196-4e3d-ada3-4efb8a339954ExploitThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/2677722PatchThird Party Advisory
- https://wpscan.com/vulnerability/c911bbbd-0196-4e3d-ada3-4efb8a339954ExploitThird Party Advisory
FAQ
What is CVE-2021-24961?
CVE-2021-24961 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role a...
How severe is CVE-2021-24961?
CVE-2021-24961 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24961?
Check the references section above for vendor advisories and patch information. Affected products include: Iptanus Wordpress File Upload, Iptanus Wordpress File Upload Pro.