Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2401)

Description

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

Remediation

References

Related Vulnerabilities

WordPress Plugin LiveChat-WP live chat Cross-Site Scripting (3.7.3)

MySQL CVE-2021-2208 Vulnerability (CVE-2021-2208)

OpenSSL Improper Input Validation Vulnerability (CVE-2017-3733)

SharePoint CVE-2024-21426 Vulnerability (CVE-2024-21426)

Internet Information Services Other Vulnerability (CVE-1999-1538)

Severity

Medium

Classification

CVE-2012-2401 CWE-264

Tags

Missing Update Known Vulnerabilities