PT-2023-25829 · WordPress · Upload Media By Url

Dmitriy · Published 2023-08-30 · Updated 2023-09-01 · CVE-2023-3720

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Upload Media By URL WordPress plugin, versions prior to 1.0.8

Description: The plugin does not perform a CSRF check when uploading files. An attacker could therefore make a logged-in admin upload files on their behalf; for users with the unfiltered_html capability this includes HTML files containing JavaScript.

Recommendations: For versions prior to 1.0.8, update to version 1.0.8 or later to resolve the issue. As a temporary workaround, consider restricting the unfiltered_html capability to minimize the risk of exploitation, and restrict access to the file-upload functionality to prevent unauthorized uploads until the update is applied.
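The mitigation for the bug class described above, shown as an added illustration (not the plugin's own code) in the form of a hypothetical WordPress admin-ajax handler for an "upload media by URL" feature; the action name, function names and the per-feature extension allowlist are assumptions.

```php
<?php
// Hypothetical admin-ajax handler written for this advisory as an illustration;
// it is NOT the Upload Media By URL plugin's code.
// The bug class in CVE-2023-3720 is a missing CSRF check: without step 1 below,
// any page a logged-in admin visits could trigger the upload on their behalf.

add_action( 'wp_ajax_umbu_sideload', 'umbu_ajax_sideload' ); // action name is assumed

function umbu_ajax_sideload() {
    // 1. CSRF: require a nonce minted with wp_create_nonce( 'umbu_sideload' ),
    //    sent in the _ajax_nonce field; check_ajax_referer() dies on mismatch.
    check_ajax_referer( 'umbu_sideload' );

    // 2. Authorization: a nonce proves intent, not rights; require upload capability.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $url = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';
    if ( ! wp_http_validate_url( $url ) ) { // rejects non-http(s) and loopback/private hosts
        wp_send_json_error( 'invalid url', 400 );
    }

    $result = umbu_process_remote_media( $url );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 400 );
    }
    wp_send_json_success( array( 'attachment_id' => $result ) );
}

function umbu_process_remote_media( $url ) {
    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/media.php';
    require_once ABSPATH . 'wp-admin/includes/image.php';

    $tmp = download_url( $url );
    if ( is_wp_error( $tmp ) ) {
        return $tmp;
    }
    // 3. File type: core's get_allowed_mime_types() permits .html/.js for users
    //    with unfiltered_html, so this feature applies its own narrower allowlist.
    $name = basename( wp_parse_url( $url, PHP_URL_PATH ) );
    $type = wp_check_filetype( $name );
    if ( ! in_array( $type['ext'], array( 'jpg', 'jpeg', 'png', 'gif', 'webp', 'pdf' ), true ) ) {
        @unlink( $tmp );
        return new WP_Error( 'bad_type', 'file type not allowed for URL upload' );
    }
    return media_handle_sideload( array( 'name' => $name, 'tmp_name' => $tmp ), 0 );
}
```

Step 3 is why the advisory's workaround mentions unfiltered_html: with only core's checks, an admin holding that capability may sideload HTML, so a feature-specific allowlist closes that path independently of the capability.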


Related Identifiers: CVE-2023-3720

Affected Products: Upload Media By Url