Cross-Site Scripting Vulnerability in Plupload by Ephox
CVE-2015-3439

Currently unrated

Key Information:

Vendor

Wordpress
Status
Debian Linux
Vendor
CVE Published:
5 August 2015

What is CVE-2015-3439?

A cross-site scripting vulnerability exists in the Ephox Plupload Flash shim, allowing remote attackers to execute arbitrary JavaScript code in the context of the target site. This vulnerability leverages the target parameter of the script to potentially execute harmful JavaScript functions, thus affecting the security of WordPress sites that utilize this component. It is advised to update to the latest versions to mitigate the risk associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://zoczus.blogspot.com/2015/04/plupload-same-origin-m...
x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
https://wordpress.org/news/2015/04/wordpress-4-1-2/
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.