RSS   Vulnerabilities for 'Plupload'   RSS

2016-05-21
 
CVE-2016-4566

 

 
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.

 
2012-04-21
 
CVE-2012-2401

 

 
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

 


Copyright 2024, cxsecurity.com

 

Back to Top