18 matches found
EUVD-2014-9265
Malware in sbrugna...
CVE-2014-9444
Cross-site scripting XSS vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errorsfu-disallowed-mime-type0name parameter to the default URI...
WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting (XSS) (Unauthenticated)
Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Date: 10/01/2022 Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/...
WordPress Frontend Uploader 1.3.2 Cross Site Scripting
Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Date: 10/01/2022 Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/...
WordPress Frontend Uploader 1.3.2 Plugin - Stored Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/ Version: 1.3.2...
CVE-2021-24563
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly...
Hardcoded credentials
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly...
CVE-2021-24563
The CVE-2021-24563 affects the WordPress Frontend Uploader plugin prior to v1.3.2. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by the plugin not preventing HTML file uploads via its form, enabling an unauthenticated user to upload an HTML file containing JavaScript that e...
CVE-2021-24563 Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly...
Exploit for Cross-site Scripting in Frontend_Uploader_Project Frontend_Uploader
CVE-2021-24563 Frontend Uploader alert/XSS/ ----------------...
WordPress Frontend Uploader plugin <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Veshraj Ghimire in WordPress Frontend Uploader plugin versions = 1.3.2. Solution Deactivate and delete. This plugin has been closed as of July 22, 2021 and is not available for download. Reason: Security Issue...
Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting
The plugin does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly PoC In a page/posts where the fu-upload-form shortcode is embed,...
CVE-2014-9444
Cross-site scripting XSS vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errorsfu-disallowed-mime-type0name parameter to the default URI...
Cross site scripting
Cross-site scripting XSS vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errorsfu-disallowed-mime-type0name parameter to the default URI...
CVE-2014-9444
The CVE-2014-9444 entry concerns the WordPress plugin Frontend Uploader (affected version: before 0.9.2). Affected component: errors parameter handling in the default URI, enabling unauthenticated XSS by injecting arbitrary script/HTML. Exploitation details from connected sources indicate an unau...
CVE-2014-9444
Cross-site scripting XSS vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errorsfu-disallowed-mime-type0name parameter to the default URI...
WordPress Frontend Uploader Plugin <= 0.9.2 - XSS
This vulnerability allows the attackers to inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Frontend Uploader 0.9.2 Cross Site Scripting
Exploit Title: Wordpress Frontend Uploader Cross Site ScriptingXSS Software Link: https://wordpress.org/plugins/frontend-uploader/ Author: SECUPENT Website:www.secupent.com Email: researchatsecupentdotcom Date: 27-12-2014 Version: 0.9.2 Exploit :...