Search criteria
4 vulnerabilities found for plupload by moxiecode
CVE-2013-0237 (GCVE-0-2013-0237)
Vulnerability from nvd – Published: 2013-07-08 20:00 – Updated: 2024-09-16 22:21
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=904122 | x_refsource_CONFIRM |
| http://codex.wordpress.org/Version_3.5.1 | x_refsource_CONFIRM |
| https://github.com/moxiecode/plupload/commit/2d74… | x_refsource_CONFIRM |
| http://wordpress.org/news/2013/01/wordpress-3-5-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=904122"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://codex.wordpress.org/Version_3.5.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/news/2013/01/wordpress-3-5-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-08T20:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=904122"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://codex.wordpress.org/Version_3.5.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/news/2013/01/wordpress-3-5-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=904122",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=904122"
},
{
"name": "http://codex.wordpress.org/Version_3.5.1",
"refsource": "CONFIRM",
"url": "http://codex.wordpress.org/Version_3.5.1"
},
{
"name": "https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5",
"refsource": "CONFIRM",
"url": "https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5"
},
{
"name": "http://wordpress.org/news/2013/01/wordpress-3-5-1/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/news/2013/01/wordpress-3-5-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0237",
"datePublished": "2013-07-08T20:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:21:09.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2401 (GCVE-0-2012-2401)
Vulnerability from nvd – Published: 2012-04-21 23:00 – Updated: 2024-08-06 19:34
VLAI
Summary
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://osvdb.org/81461 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/49138 | third-party-advisoryx_refsource_SECUNIA |
| http://www.plupload.com/punbb/viewtopic.php?id=1685 | x_refsource_CONFIRM |
| http://core.trac.wordpress.org/browser/branches/3… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.debian.org/security/2012/dsa-2470 | vendor-advisoryx_refsource_DEBIAN |
| https://nealpoole.com/blog/2012/05/xss-and-csrf-v… | x_refsource_MISC |
| http://core.trac.wordpress.org/browser/branches/3… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/53192 | vdb-entryx_refsource_BID |
| http://wordpress.org/news/2012/04/wordpress-3-3-2/ | x_refsource_CONFIRM |
Date Public
2012-04-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:24.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "81461",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81461"
},
{
"name": "49138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49138"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.plupload.com/punbb/viewtopic.php?id=1685"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487"
},
{
"name": "wordpress-plupload-sec-bypass(75208)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75208"
},
{
"name": "DSA-2470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2470"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487"
},
{
"name": "53192",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53192"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/news/2012/04/wordpress-3-3-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "81461",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81461"
},
{
"name": "49138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49138"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.plupload.com/punbb/viewtopic.php?id=1685"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487"
},
{
"name": "wordpress-plupload-sec-bypass(75208)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75208"
},
{
"name": "DSA-2470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2470"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487"
},
{
"name": "53192",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53192"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/news/2012/04/wordpress-3-3-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "81461",
"refsource": "OSVDB",
"url": "http://osvdb.org/81461"
},
{
"name": "49138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49138"
},
{
"name": "http://www.plupload.com/punbb/viewtopic.php?id=1685",
"refsource": "CONFIRM",
"url": "http://www.plupload.com/punbb/viewtopic.php?id=1685"
},
{
"name": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487",
"refsource": "CONFIRM",
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487"
},
{
"name": "wordpress-plupload-sec-bypass(75208)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75208"
},
{
"name": "DSA-2470",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2470"
},
{
"name": "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/",
"refsource": "MISC",
"url": "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/"
},
{
"name": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487",
"refsource": "CONFIRM",
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487"
},
{
"name": "53192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53192"
},
{
"name": "http://wordpress.org/news/2012/04/wordpress-3-3-2/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/news/2012/04/wordpress-3-3-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2401",
"datePublished": "2012-04-21T23:00:00.000Z",
"dateReserved": "2012-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:34:24.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0237 (GCVE-0-2013-0237)
Vulnerability from cvelistv5 – Published: 2013-07-08 20:00 – Updated: 2024-09-16 22:21
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=904122 | x_refsource_CONFIRM |
| http://codex.wordpress.org/Version_3.5.1 | x_refsource_CONFIRM |
| https://github.com/moxiecode/plupload/commit/2d74… | x_refsource_CONFIRM |
| http://wordpress.org/news/2013/01/wordpress-3-5-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=904122"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://codex.wordpress.org/Version_3.5.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/news/2013/01/wordpress-3-5-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-08T20:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=904122"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://codex.wordpress.org/Version_3.5.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/news/2013/01/wordpress-3-5-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=904122",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=904122"
},
{
"name": "http://codex.wordpress.org/Version_3.5.1",
"refsource": "CONFIRM",
"url": "http://codex.wordpress.org/Version_3.5.1"
},
{
"name": "https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5",
"refsource": "CONFIRM",
"url": "https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5"
},
{
"name": "http://wordpress.org/news/2013/01/wordpress-3-5-1/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/news/2013/01/wordpress-3-5-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0237",
"datePublished": "2013-07-08T20:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:21:09.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2401 (GCVE-0-2012-2401)
Vulnerability from cvelistv5 – Published: 2012-04-21 23:00 – Updated: 2024-08-06 19:34
VLAI
Summary
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://osvdb.org/81461 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/49138 | third-party-advisoryx_refsource_SECUNIA |
| http://www.plupload.com/punbb/viewtopic.php?id=1685 | x_refsource_CONFIRM |
| http://core.trac.wordpress.org/browser/branches/3… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.debian.org/security/2012/dsa-2470 | vendor-advisoryx_refsource_DEBIAN |
| https://nealpoole.com/blog/2012/05/xss-and-csrf-v… | x_refsource_MISC |
| http://core.trac.wordpress.org/browser/branches/3… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/53192 | vdb-entryx_refsource_BID |
| http://wordpress.org/news/2012/04/wordpress-3-3-2/ | x_refsource_CONFIRM |
Date Public
2012-04-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:24.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "81461",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81461"
},
{
"name": "49138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49138"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.plupload.com/punbb/viewtopic.php?id=1685"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487"
},
{
"name": "wordpress-plupload-sec-bypass(75208)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75208"
},
{
"name": "DSA-2470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2470"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487"
},
{
"name": "53192",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53192"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/news/2012/04/wordpress-3-3-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "81461",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81461"
},
{
"name": "49138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49138"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.plupload.com/punbb/viewtopic.php?id=1685"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487"
},
{
"name": "wordpress-plupload-sec-bypass(75208)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75208"
},
{
"name": "DSA-2470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2470"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487"
},
{
"name": "53192",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53192"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/news/2012/04/wordpress-3-3-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "81461",
"refsource": "OSVDB",
"url": "http://osvdb.org/81461"
},
{
"name": "49138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49138"
},
{
"name": "http://www.plupload.com/punbb/viewtopic.php?id=1685",
"refsource": "CONFIRM",
"url": "http://www.plupload.com/punbb/viewtopic.php?id=1685"
},
{
"name": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487",
"refsource": "CONFIRM",
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487"
},
{
"name": "wordpress-plupload-sec-bypass(75208)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75208"
},
{
"name": "DSA-2470",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2470"
},
{
"name": "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/",
"refsource": "MISC",
"url": "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/"
},
{
"name": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487",
"refsource": "CONFIRM",
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487"
},
{
"name": "53192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53192"
},
{
"name": "http://wordpress.org/news/2012/04/wordpress-3-3-2/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/news/2012/04/wordpress-3-3-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2401",
"datePublished": "2012-04-21T23:00:00.000Z",
"dateReserved": "2012-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:34:24.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}