Description
The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file.
Remediation
References
Related Vulnerabilities
WordPress Plugin RapidLoad Power-Up for Autoptimize Multiple Vulnerabilities (1.7.1)
WordPress Plugin Feedify Remote Code Execution (2.0.0)
WordPress Plugin MM Forms Community 'doajaxfileupload.php' Arbitrary File Upload (2.2.6)
Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2021-21019)