WordPress · Wp Upload Restriction · CVE-2021-34625
Name of the Vulnerable Software and Affected Versions:
WP Upload Restriction WordPress plugin versions 2.2.3 and prior
Description:
A vulnerability in the `saveCustomType` function allows low-level authenticated users to inject arbitrary web scripts.
Recommendations:
For versions 2.2.3 and prior, consider disabling the `saveCustomType` function until a patch is available to prevent arbitrary web script injection.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.