Back to search
CVE-2021-24349
Published: Jun 14, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also be performed via such vector.
| Vendor | Product | Versions |
|---|---|---|
Unknown | Gallery from files | affected 1.6.0 - <= 1.6.0 |
References
https://wpscan.com/vulnerability/6bb4eb71-d702-4732-b01f-b723077d66ca
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now