CVE-2021-24960

Summary

The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site Scripting attacks

Affected Software

VendorProductVersion RangeStatus
UnknownWordPress File Upload4.16.3 < 4.16.3affected
Unknownwordpress-file-upload-pro4.16.3 < 4.16.3affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CVE Program Container

Additional References

References