Hi,
I have purchased Easy Profile on 21/12/2013 and implemented it successfully. The only problem is that it allows authenticated users to upload malicious files in the functions "Profile Picture" and "Cover Picture". There is no check on the file content type being uploaded. For instance, it was possible to upload an HTML file with malicious script, which can be used as a Stored XSS.
So how to restrict the image upload to image types only?
Regards
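
One way to do the server-side check asked about above, as an added example that is not part of the original post and is not Easy Profile's own code. The function names, the size limit and the sample byte strings are assumptions made for illustration; the decision is taken from the file's leading bytes, never from the client-supplied name or content type.

```python
import secrets

# Allowlist: magic-byte signature -> (canonical extension, Content-Type to serve)
SIGNATURES = [
    (b"\xff\xd8\xff", "jpg", "image/jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png", "image/png"),
    (b"GIF87a", "gif", "image/gif"),
    (b"GIF89a", "gif", "image/gif"),
]
MAX_BYTES = 2 * 1024 * 1024  # assumed upload size limit


class UploadRejected(ValueError):
    """Raised when an upload is not an allowlisted image."""


def sniff_image(data: bytes):
    """Return (ext, mime) from the leading bytes, or None if not allowlisted."""
    for magic, ext, mime in SIGNATURES:
        if data.startswith(magic):
            return ext, mime
    return None


def accept_picture(client_name: str, client_type: str, data: bytes) -> dict:
    """client_name and client_type are attacker-controlled, so they are
    ignored: the stored name and served type come from the bytes alone."""
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or too large")
    sniffed = sniff_image(data)
    if sniffed is None:
        raise UploadRejected("content is not an allowlisted image type")
    ext, mime = sniffed
    return {
        # Random server-chosen name: no user-controlled extension survives.
        "stored_name": f"{secrets.token_hex(16)}.{ext}",
        # Serve with a fixed image type and forbid browser MIME sniffing.
        "headers": {"Content-Type": mime, "X-Content-Type-Options": "nosniff"},
    }


# Constructed samples: an HTML file renamed to .jpg, and a bare PNG signature.
HTML_AS_JPG = b"<html><body>not an image</body></html>"
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
```

A signature check alone does not catch a file that begins with a valid image header and carries markup after it, which is why the stored file is served with a fixed image `Content-Type` and `nosniff`. Re-encoding the upload with an image library before storing it is the stricter option.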