WordPress Media File Renamer Plugin <= 1.7.0 - Multiple XSS
Media File Renamer
Because of these vulnerabilities, authenticated users with permissions to add media or edit media can inject arbitrary web script or HTML via unspecified parameters, as demonstrated by the title of an uploaded file.
Update the plugin.
Type XSS (Cross Site Scripting) OWASP Top 10 A3: Cross Site Scripting (XSS)