Description
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.0)
WordPress Plugin Companion Sitemap Generator Cross-Site Request Forgery (3.6.6)
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26272)
Oracle Application Server CVE-2008-7234 Vulnerability (CVE-2008-7234)