EUVD-2014-9265

Malware in sbrugna...

CVE-2014-9444

Cross-site scripting XSS vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errorsfu-disallowed-mime-type0name parameter to the default URI...

WordPress Frontend Uploader 1.3.2 Cross Site Scripting

Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Date: 10/01/2022 Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/...

WordPress Frontend Uploader 1.3.2 Plugin - Stored Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/ Version: 1.3.2...

WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting (XSS) (Unauthenticated)

Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Date: 10/01/2022 Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/...

CVE-2021-24563

The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly...

CVE-2021-24563

The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly...

Hardcoded credentials

The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly...

CVE-2021-24563 Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting

The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly...

CVE-2021-24563

The CVE-2021-24563 affects the WordPress Frontend Uploader plugin prior to v1.3.2. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by the plugin not preventing HTML file uploads via its form, enabling an unauthenticated user to upload an HTML file containing JavaScript that e...

WordPress 插件 跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Frontend Uploader prior to version 1.3.2, which stems from the fact that the plugin does not prevent the uploading of HTML files, e.g., it allows unauthenticate...

Exploit for Cross-site Scripting in Frontend_Uploader_Project Frontend_Uploader

CVE-2021-24563 Frontend Uploader alert/XSS/ ----------------...

Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting

The plugin does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly PoC In a page/posts where the fu-upload-form shortcode is embed,...

WordPress Frontend Uploader plugin <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Veshraj Ghimire in WordPress Frontend Uploader plugin versions = 1.3.2. Solution Deactivate and delete. This plugin has been closed as of July 22, 2021 and is not available for download. Reason: Security Issue...

CVE-2014-9444

Cross-site scripting XSS vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errorsfu-disallowed-mime-type0name parameter to the default URI...

Cross site scripting

Cross-site scripting XSS vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errorsfu-disallowed-mime-type0name parameter to the default URI...

CVE-2014-9444

Cross-site scripting XSS vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errorsfu-disallowed-mime-type0name parameter to the default URI...

CVE-2014-9444

The CVE-2014-9444 entry concerns the WordPress plugin Frontend Uploader (affected version: before 0.9.2). Affected component: errors parameter handling in the default URI, enabling unauthenticated XSS by injecting arbitrary script/HTML. Exploitation details from connected sources indicate an unau...

WordPress Frontend Uploader Plugin <= 0.9.2 - XSS

This vulnerability allows the attackers to inject arbitrary web script or HTML. Solution Update the plugin...

WordPress plugin Frontend Uploader 'errors' parameter cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Frontend Uploader 'errors' parameter of the WordPress plugin because it...