WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2401)

Description

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

Remediation

References

Related Vulnerabilities

WordPress Plugin Deeper Comments Security Bypass (2.1.1)

WordPress Plugin Fancy Product Designer-WooCommerce Arbitrary File Upload (4.6.8)

WordPress 5.4.x Directory Traversal (5.4 - 5.4.15)

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2016-8610)

WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (4.0.9)

Severity

Medium

Classification

CVE-2012-2401 CWE-264

Tags

Missing Update Known Vulnerabilities