Cross-Domain Scripting Vulnerability in Plupload before 1.5.4

Cross-Domain Scripting Vulnerability in Plupload before 1.5.4

CVE-2012-2401 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

Learn more about our Wordpress Pen Testing.