Medium severity 6.1 · NVD Advisory · Published Jun 14, 2021 · Updated Jun 17, 2026
CVE-2021-24349
Description
The Gallery from files WordPress plugin through 1.6.0 lets users upload images to the server. When an uploaded file has an invalid extension, its filename is not properly sanitized before being output in an error message, leading to a reflected Cross-Site Scripting issue. Because there is no CSRF check, the attack could also be performed via that vector.
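The flaw class described above, shown as an added example in plain PHP: an upload error message built unsafely, then the hardened form with output encoding and a CSRF token check. This is not the plugin's code; every function name, the allow-list and the sample filename are hypothetical.

```php
<?php
// Added example: hypothetical upload handler, not the plugin's code.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];

// Unsafe: the client-supplied filename is copied into HTML as-is.
function error_message_unsafe(string $filename): string
{
    return '<p class="error">Invalid file type: ' . $filename . '</p>';
}

// Hardened: reduce to a base name, then HTML-encode at the point of output.
function error_message_safe(string $filename): string
{
    $name = basename(str_replace('\\', '/', $filename));
    return '<p class="error">Invalid file type: '
        . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// CSRF check: per-session token compared in constant time.
function csrf_ok(?string $sessionToken, ?string $submitted): bool
{
    return is_string($sessionToken) && $sessionToken !== ''
        && is_string($submitted) && hash_equals($sessionToken, $submitted);
}

// Returns [HTTP status, HTML body] for one upload request.
function handle_upload(array $session, array $post, string $filename): array
{
    if (!csrf_ok($session['csrf'] ?? null, $post['csrf'] ?? null)) {
        return [403, '<p class="error">Request rejected.</p>'];
    }
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return [400, error_message_safe($filename)];
    }
    return [200, '<p>Upload accepted.</p>'];
}

// Constructed sample input: a filename carrying markup and a bad extension.
$session = ['csrf' => bin2hex(random_bytes(16))];
$name = 'report<u>draft.txt';
echo error_message_unsafe($name), PHP_EOL;   // unsafe path: markup is emitted raw
[$status, $body] = handle_upload($session, ['csrf' => $session['csrf']], $name);
echo $status, ' ', $body, PHP_EOL;           // valid token: filename is encoded
[$status, $body] = handle_upload($session, [], $name);
echo $status, ' ', $body, PHP_EOL;           // no token: rejected before any echo
```

Inside WordPress the same two controls are normally expressed with `esc_html()` for the output and `wp_verify_nonce()` or `check_admin_referer()` for the request check.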
Affected products
- WordPress/Gallery from files
  - Range: <=1.6.0
References
- wpscan.com/vulnerability/6bb4eb71-d702-4732-b01f-b723077d66ca (nvd; Exploit; Third Party Advisory)