Описание
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.2 (включая)
cpe:2.3:a:frontend_uploader_project:frontend_uploader:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 97%
0.32709
Средний
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
около 3 лет назад
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly
EPSS
Процентиль: 97%
0.32709
Средний
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79