Medium severity6.1NVD Advisory· Published Oct 11, 2021· Updated Jun 17, 2026
CVE-2021-24563
CVE-2021-24563
Description
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Frontend Uploaderdescription
- Range: <=1.3.2
Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/165515/WordPress-Frontend-Uploader-1.3.2-Cross-Site-Scripting.htmlnvdExploitThird Party AdvisoryVDB Entry
- wpscan.com/vulnerability/e53ef41e-a176-4d00-916a-3a03835370f1nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.