Description
The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.
Remediation
References
Related Vulnerabilities
WordPress Plugin Woocommerce Products Price Bulk Edit Cross-Site Scripting (2.2.0)
WordPress Plugin Real-Time Find and Replace Cross-Site Scripting (3.8)
ColdFusion User-Agent cross-site scripting
Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10321)
WordPress Plugin Elementor Website Builder Cross-Site Scripting (2.9.13)