Cross-Site Scripting Vulnerability in Plupload by Ephox
CVE-2015-3439

Currently unrated

Key Information:

Vendor: Wordpress
Status: Debian Linux
Vendor: CVE Published:; 5 August 2015

Summary

A cross-site scripting vulnerability exists in the Ephox Plupload Flash shim, allowing remote attackers to execute arbitrary JavaScript code in the context of the target site. This vulnerability leverages the target parameter of the script to potentially execute harmful JavaScript functions, thus affecting the security of WordPress sites that utilize this component. It is advised to update to the latest versions to mitigate the risk associated with this vulnerability.

References

http://zoczus.blogspot.com/2015/04/plupload-same-origin-m...

x_refsource_MISC

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

https://wordpress.org/news/2015/04/wordpress-4-1-2/

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 5, 2015
Vulnerability Reserved
Apr 28, 2015