5 matches found
CVE-2021-24563
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly...
WordPress Frontend Uploader 1.3.2 Cross Site Scripting
Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Date: 10/01/2022 Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/...
CVE-2021-24563
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly...
CVE-2021-24563
The CVE-2021-24563 affects the WordPress Frontend Uploader plugin prior to v1.3.2. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by the plugin not preventing HTML file uploads via its form, enabling an unauthenticated user to upload an HTML file containing JavaScript that e...
Exploit for Cross-site Scripting in Frontend_Uploader_Project Frontend_Uploader
CVE-2021-24563 Frontend Uploader alert/XSS/ ----------------...