Filtered by vendor Frontend Uploader Project
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9444 | 1 Frontend Uploader Project | 1 Frontend Uploader | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI. | ||||
| CVE-2021-24563 | 1 Frontend Uploader Project | 1 Frontend Uploader | 2024-11-21 | 6.1 Medium |
| The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly | ||||
Page 1 of 1.