WordPress File Upload Plugin 漏洞列表

共找到 1 个与 WordPress File Upload Plugin 相关的漏洞

📅 加载漏洞趋势中...

CVE-2024-6651: WordPress File Upload Plugin < 4.24.8 - Cross-Site Scripting POC

日期: 2025-08-01 | 影响软件: WordPress File Upload Plugin

The WordPress File Upload plugin before version 4.24.8 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'dir' parameter in the file browser page before outputting it back, which could allow attackers to execute arbitrary JavaScript code in an administrator's browser context.