CVE-2012-2401
N/A
N/A
Summary
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://osvdb.org/81461
- http://secunia.com/advisories/49138
- http://www.plupload.com/punbb/viewtopic.php?id=1685
- http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75208
- http://www.debian.org/security/2012/dsa-2470
- https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
- http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487
- http://www.securityfocus.com/bid/53192
- http://wordpress.org/news/2012/04/wordpress-3-3-2/
References
- http://osvdb.org/81461
- http://secunia.com/advisories/49138
- http://www.plupload.com/punbb/viewtopic.php?id=1685
- http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75208
- http://www.debian.org/security/2012/dsa-2470
- https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
- http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487
- http://www.securityfocus.com/bid/53192
- http://wordpress.org/news/2012/04/wordpress-3-3-2/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.