CVE-2024-9611

Name of the Vulnerable Software and Affected Versions Increase upload file size & Maximum Execution Time limit plugin for WordPress versions up to and including 2.0

Description The plugin is susceptible to Reflected Cross-Site Scripting due to the improper use of add query arg without adequate escaping on the URL. This allows unauthenticated attackers to inject arbitrary web scripts into pages that execute when a user performs a specific action, such as clicking on a link, after being tricked into doing so.

Recommendations For versions up to and including 2.0, update to a version that includes the necessary escaping for the add query arg function to prevent Reflected Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.