Scripting Vulnerability in Plupload for WordPress
CVE-2012-2401

Currently unrated

Key Information:

Vendor: Wordpress
Status: Plupload; WordPress
Vendor: CVE Published:; 21 April 2012

Summary

Plupload versions prior to 1.5.4, as integrated into WordPress prior to version 3.3.2, are susceptible to a cross-site scripting vulnerability. This flaw allows remote attackers to exploit the Same Origin Policy by embedding malicious content in their SWF files. Consequently, this enables unauthorized access to sensitive information and could potentially lead to further exploitation of the web application. It is crucial for users to update their installations to mitigate risks associated with this vulnerability.

References

http://osvdb.org/81461

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/49138

third-party-advisoryx_refsource_SECUNIA

http://www.plupload.com/punbb/viewtopic.php?id=1685

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 21, 2012
Vulnerability Reserved
Apr 21, 2012