CVE-2021-24961

Summary

The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks

Affected Software

VendorProductVersion RangeStatus
UnknownWordPress File Upload4.16.3 < 4.16.3affected
Unknownwordpress-file-upload-pro4.16.3 < 4.16.3affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References