CVE-2012-2401

Currently unrated

Key Information:

Vendor: Wordpress
Status: Plupload; WordPress
Vendor: CVE Published:; 21 April 2012

Summary

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

References

http://osvdb.org/81461

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/49138

third-party-advisoryx_refsource_SECUNIA

http://www.plupload.com/punbb/viewtopic.php?id=1685

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 21, 2012
Vulnerability Reserved
Apr 21, 2012