The WP Attachments WordPress plugin through 5.0.5 does...
Moderate severity
Unreviewed
Published
Jan 16, 2023
to the GitHub Advisory Database
•
Updated Jan 24, 2023
Description
Published by the National Vulnerability Database
Jan 16, 2023
Published to the GitHub Advisory Database
Jan 16, 2023
Last updated
Jan 24, 2023
The WP Attachments WordPress plugin through 5.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
References