wp-includes/functions.php in WordPress prior to 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote malicious users to conduct XSS attacks via a crafted file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress |
||
debian debian linux 7.0 |
||
debian debian linux 9.0 |
||
debian debian linux 8.0 |