Frontend Uploader Project Frontend Uploader vulnerabilities
2 known vulnerabilities affecting frontend_uploader_project/frontend_uploader.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2021-24563P3MEDIUMCVSS 6.1PoC≤ 1.3.22021-10-11
CVE-2021-24563 [MEDIUM] CWE-79 CVE-2021-24563: The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly
nvd
CVE-2014-9444P4MEDIUMCVSS 4.3PoCv0.9.22015-01-02
CVE-2014-9444 [MEDIUM] CWE-79 CVE-2014-9444: Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows
Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI.
nvd