Description
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.
Remediation
References
Related Vulnerabilities
WordPress Plugin MyBookTable Bookstore by Author Media Cross-Site Scripting (3.2.1)
WordPress Plugin Loco Translate Unspecified Vulnerability (2.5.4)
Moodle CVE-2024-25979 Vulnerability (CVE-2024-25979)
WordPress Plugin WP Payeezy Pay Local File Inclusion (2.97)
XWikiplatform Missing Authorization Vulnerability (CVE-2025-32973)