Veshraj Ghimire

1 exploit Active since Oct 2021
CVE-2021-24563 EXPLOITDB MEDIUM text WORKING POC
Frontend Uploader < 1.3.2 - Unauthenticated Stored Cross-Site Scripting via HTML File Upload
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly
CVSS 6.1