Cross-Site Scripting Vulnerability in Moxiecode Plupload for WordPress
CVE-2013-0237

Currently unrated

Key Information:

Vendor: Wordpress
Status: Plupload; WordPress
Vendor: CVE Published:; 8 July 2013

What is CVE-2013-0237?

An XSS vulnerability exists in Moxiecode Plupload prior to version 1.5.5, as utilized in WordPress versions prior to 3.5.1. This flaw allows remote attackers to inject arbitrary web scripts or HTML through the id parameter, posing a risk of unauthorized actions and data exposure for users interacting with affected installations.

References

https://bugzilla.redhat.com/show_bug.cgi?id=904122

x_refsource_CONFIRM

http://codex.wordpress.org/Version_3.5.1

x_refsource_CONFIRM

https://github.com/moxiecode/plupload/commit/2d746ee9083c...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 8, 2013

Wordpress

What is CVE-2013-0237?

References

Timeline