Summary WordPress allows users with Author permissions and above to upload files with a variety of extensions. In some cases, it is possible for a user to mount a cross-site scripting attack using those uploaded files.
How Does It Work? File uploads are allowed by default for users with Author permissions and above. WordPress uses a list of file extensions to determine whether a particular
No comments:
Post a Comment