Security Advisory

CVE-2012-2401

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2012-04-21 23:00:00

Last updated 2024-08-06 19:34:24

Assigner mitre

State PUBLISHED

Description

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

← Browse all CVEs View on cve.org ↗