CVE-2021-24563

CVE-2021-24563 is a medium-severity vulnerability in Frontend Uploader Project Frontend Uploader with a CVSS 3.x base score of 6.1. Its EPSS exploit-prediction score of 26% places it in the 98th percentile, indicating an elevated likelihood of exploitation. The underlying weakness is classified as CWE-79.

Key facts

Description

The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly

Frequently asked questions

What is CVE-2021-24563?
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly
How severe is CVE-2021-24563?
CVE-2021-24563 has a CVSS 3.x base score of 6.1, rated medium severity. It is exploitable over network with low attack complexity, requires no privileges and user interaction. Impact on confidentiality is low, integrity low, and availability none.
Is CVE-2021-24563 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 26% (98th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2021-24563?
CVE-2021-24563 affects Frontend Uploader Project Frontend Uploader. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2021-24563?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2021-24563 published?
CVE-2021-24563 was published on 2021-10-11 and last updated on 2026-06-17.

References

Affected products (1)

More vulnerabilities in Frontend Uploader Project Frontend Uploader

All CVEs affecting Frontend Uploader Project Frontend Uploader →

Other CWE-79 (Cross-site Scripting (XSS)) vulnerabilities

Browse all CWE-79 (Cross-site Scripting (XSS)) vulnerabilities →