Exploit for File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting CVE-2023-2684

Name: Exploit for File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting CVE-2023-2684
Rating: 5 (13 reviews)

2023-05-25 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:42B1F017-C497-4825-B12A-8DCE3E108A55
Multiple inputs in the plugin's settings -- for example `frou_filenaming_rules_opt[datetime_format]` -- are vulnerable to XSS. Entering the string `Y-m-d_H-i-s_u\<\s\c\r\i\p\t\>\a\l\e\r\t\(\1\)\<\/\s\c\r\i\p\t\>` into setting textboxes results in XSS.