Cross-Site Scripting Vulnerability in Frontend Uploader Plugin for WordPress
CVE-2014-9444

Currently unrated

Key Information:

Vendor: Wordpress
Status: Frontend Uploader
Vendor: CVE Published:; 2 January 2015

Summary

A cross-site scripting (XSS) vulnerability exists in the Frontend Uploader plugin version 0.9.2 for WordPress. This flaw allows remote attackers to inject arbitrary web scripts or HTML into the application, specifically through the 'errors[fu-disallowed-mime-type][0][name]' parameter to the default URI. Successful exploitation of this vulnerability could enable attackers to manipulate content or conduct phishing attacks, thereby compromising the integrity and security of affected WordPress sites.

References

http://seclists.org/fulldisclosure/2014/Dec/122

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/71808

vdb-entryx_refsource_BID

http://packetstormsecurity.com/files/129749/WordPress-Fro...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 2, 2015