The plugin does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues.
Put the following payload in the "Folder for new files" and "Maximum size of uploaded file" settings of the plugin: "><script>alert(/XSS/)</script>
Shivam Rai
Shivam Rai
Yes
2021-09-15 (about 9 months ago)
2021-09-15 (about 9 months ago)
2022-04-08 (about 2 months ago)