Vulnerabilities > CVE-2021-24563 - Unspecified vulnerability in Frontend Uploader Project Frontend Uploader 0.9.2/1.3.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
References
- http://packetstormsecurity.com/files/165515/WordPress-Frontend-Uploader-1.3.2-Cross-Site-Scripting.html
- http://packetstormsecurity.com/files/165515/WordPress-Frontend-Uploader-1.3.2-Cross-Site-Scripting.html
- https://wpscan.com/vulnerability/e53ef41e-a176-4d00-916a-3a03835370f1
- https://wpscan.com/vulnerability/e53ef41e-a176-4d00-916a-3a03835370f1