CVE-2021-24563
CVE-2021-24563 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing an unauthenticated user to upload a malicious HTML file containing, for example, JavaScript, which is triggered when someone accesses the file directly. EPSS estimates a 26.38% chance of exploitation in the next 30 days.
Description
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing an unauthenticated user to upload a malicious HTML file containing, for example, JavaScript, which is triggered when someone accesses the file directly.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Frontend Uploader Project | Frontend Uploader | <= 1.3.2 |
References
- http://packetstormsecurity.com/files/165515/WordPress-Frontend-Uploader-1.3.2-Cross-Site-Scripting.html (Exploit, Third Party Advisory, VDB Entry)
- https://wpscan.com/vulnerability/e53ef41e-a176-4d00-916a-3a03835370f1 (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
