QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2401

Published: Apr 21, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_SECUNIA

http://www.plupload.com/punbb/viewtopic.php?id=1685

x_refsource_CONFIRM

http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487

x_refsource_CONFIRM

wordpress-plupload-sec-bypass(75208)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_DEBIAN

https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/

x_refsource_MISC

http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://wordpress.org/news/2012/04/wordpress-3-3-2/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.