CVE-2021-24736 – Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24736
The Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library — Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues. El plugin Easy Download Manager and File Sharing Plugin with frontend file upload - a better Media Library - Shared Files de WordPress versiones anteriores a 1.6.57, no sanea y escapa de algunas de sus configuraciones antes de mostrarlas en los atributos, que podría conllevar a problemas de tipo Cross-Site Scripting Almacenado • https://wpscan.com/vulnerability/d72275bd-0c66-4b2a-940d-d5256b5426cc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •