QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24563

Published: Oct 11, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly

Vendor	Product	Versions
Unknown	Frontend Uploader	affected `1.3.2 - <= 1.3.2`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/e53ef41e-a176-4d00-916a-3a03835370f1

x_refsource_MISC

http://packetstormsecurity.com/files/165515/WordPress-Frontend-Uploader-1.3.2-Cross-Site-Scripting.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.