In WordPress prior to 4.9.9 and 5.x prior to 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress |
||
debian debian linux 9.0 |
||
debian debian linux 8.0 |