Description
The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file.
Remediation
References
Related Vulnerabilities
WordPress 5.0.x Cross-Site Request Forgery (5.0 - 5.0.3)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-0191)
MySQL Out-of-bounds Write Vulnerability (CVE-2009-4484)
Oracle JRE CVE-2023-21843 Vulnerability (CVE-2023-21843)
WordPress Plugin Carousel slideshow 'upload.php' Arbitrary File Upload (3.9)