Security Advisory

CVE-2021-24563

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-10-11 10:45:30

Last updated 2024-08-03 19:35:20

Assigner WPScan

State PUBLISHED

Description

The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly

← Browse all CVEs View on cve.org ↗