Medium severity6.1NVD Advisory· Published Aug 7, 2024· Updated Jun 17, 2026
CVE-2024-6494
CVE-2024-6494
Description
The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <4.24.8
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/5b21a9be-b5fe-47ef-91c7-018dd42f763f/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.