EIP-2026-113510

This exploit demonstrates a stored XSS vulnerability in WordPress File Upload plugin versions prior to 4.23.3. The PoC leverages a maliciously crafted shortcode to execute arbitrary JavaScript when a file is uploaded.