CVE-2023-4819 Information

Description

The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore an attacker can upload an allowed file extension injected with malicious scripts.

Reference

https://wpscan.com/vulnerability/4423b023-cf4a-46cb-b314-7a09ac08b29a