Vulnerability Description
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form. This allows an unauthenticated user to upload a malicious HTML file, for example one containing JavaScript, which is triggered when someone accesses the file directly.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Frontend Uploader Project | Frontend Uploader | <= 1.3.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/165515/WordPress-Frontend-Uploader-1.3.2-Cr (Exploit, Third Party Advisory, VDB Entry)
- https://wpscan.com/vulnerability/e53ef41e-a176-4d00-916a-3a03835370f1 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-24563?
CVE-2021-24563 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing an unauthenticated user to upload a malicious HTML file containing JavaScript f...
How severe is CVE-2021-24563?
CVE-2021-24563 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-24563?
Check the references section above for vendor advisories and patch information. Affected products include: Frontend Uploader Project Frontend Uploader.