Description
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin Breezing Forms SQL Injection (1.2.7.30)
WordPress Plugin Beaver Builder-WordPress Page Builder Security Bypass (1.7)
WordPress Plugin AnnounceME Cross-Site Scripting (0.3.3)
MyBB Improper Privilege Management Vulnerability (CVE-2018-1000503)
WordPress Plugin WatchMan-Site7 Cross-Site Request Forgery (3.0.2)