PT-2021-16082 · WordPress · Frontend Uploader
Veshraj Ghimire +1 · Published 2021-10-11 · Updated 2022-02-19 · CVE-2021-24563
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Frontend Uploader WordPress plugin versions 1.3.2 and earlier
Description
The plugin's form allows unauthenticated users to upload malicious HTML files containing JavaScript. The script runs when an uploaded file is accessed directly, which can lead to cross-site scripting (XSS).
Recommendations
For versions 1.3.2 and earlier, update to a version that prevents HTML file uploads via the plugin's form to mitigate the risk. As a temporary workaround, consider restricting access to the file upload feature until a patch is available.
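A triage check to go with the recommendation above, as an added example that is not part of the original advisory or the plugin's code: it walks an uploads directory and flags files that carry an active-markup extension or that begin with HTML/script markers. The extension list, the markers and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Extensions a browser may render as active markup (assumed list; tune per server).
ACTIVE_EXTENSIONS = {".html", ".htm", ".xhtml", ".shtml", ".svg"}
# Markup or script markers looked for in the first bytes of each file.
MARKUP_RE = re.compile(rb"<\s*(?:!doctype\s+html|html|script|svg|iframe)\b", re.I)
SNIFF_BYTES = 4096

def classify(path):
    """Return the reasons a file could be served as active content."""
    reasons = []
    if os.path.splitext(path)[1].lower() in ACTIVE_EXTENSIONS:
        reasons.append("active-extension")
    with open(path, "rb") as fh:
        if MARKUP_RE.search(fh.read(SNIFF_BYTES)):
            reasons.append("markup-in-content")
    return reasons

def scan_uploads(root):
    """Walk an uploads tree and map relative path -> reasons for flagged files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                reasons = classify(full)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if reasons:
                findings[os.path.relpath(full, root).replace(os.sep, "/")] = reasons
    return findings

def demo():
    """Scan a constructed sample tree (not real data) and return the findings."""
    samples = {
        "2021/10/photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
        "2021/10/notes.txt": b"meeting notes, nothing to render\n",
        "2021/10/form.html": b"<html><body><script>/* sample */</script></body></html>",
        "2021/10/avatar.png": b"<!DOCTYPE html><script>/* sample */</script>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return scan_uploads(root)
```

Point `scan_uploads()` at the site's uploads directory (`wp-content/uploads` in a default WordPress install) and review each flagged file by hand; a content match on a file with an image extension is a hint, not a verdict.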
Exploit
Fix
XSS
Affected Products
Frontend Uploader