The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Iptanus |
|
| Wordpress File Upload Project |
|
No data.
References
History
Fri, 11 Apr 2025 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Iptanus
Iptanus wordpress File Upload |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Iptanus
Iptanus wordpress File Upload |
Wed, 07 Aug 2024 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wordpress File Upload Project
Wordpress File Upload Project wordpress File Upload |
|
| CPEs | cpe:2.3:a:wordpress_file_upload_project:wordpress_file_upload:*:-:-:*:-:wordpress:*:* | |
| Vendors & Products |
Wordpress File Upload Project
Wordpress File Upload Project wordpress File Upload |
|
| Metrics |
cvssV3_1
|
Wed, 07 Aug 2024 06:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks. | |
| Title | WordPress File Upload < 4.24.8 - Unauthenticated Stored XSS | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-08-07T06:00:06.219Z
Updated: 2024-08-07T13:11:42.671Z
Reserved: 2024-07-03T19:37:49.194Z
Link: CVE-2024-6494
Vulnrichment
Updated: 2024-08-07T13:11:35.308Z
NVD
Status : Analyzed
Published: 2024-08-07T06:16:47.953
Modified: 2025-04-11T15:13:36.673
Link: CVE-2024-6494
Redhat
No data.