Lucene search

[email protected]CVE-2012-2401

HistoryApr 21, 2012 - 11:55 p.m.

CVE-2012-2401

2012-04-2123:55:01

CWE-264

[email protected]

web.nvd.nist.gov

plupload

wordpress

same origin policy

security vulnerability

cve-2012-2401

6.1 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

CPE configuration

NVD

moxiecodepluploadRange≤1.5.3

moxiecodepluploadMatch1.4.0

moxiecodepluploadMatch1.4.1

moxiecodepluploadMatch1.4.2

moxiecodepluploadMatch1.4.3

moxiecodepluploadMatch1.5.0

moxiecodepluploadMatch1.5.0beta

moxiecodepluploadMatch1.5.1

moxiecodepluploadMatch1.5.2

wordpresswordpressRange≤3.3.1

wordpresswordpressMatch0.71

wordpresswordpressMatch1.0

wordpresswordpressMatch1.0.1

wordpresswordpressMatch1.0.2

wordpresswordpressMatch1.1.1

wordpresswordpressMatch1.2

wordpresswordpressMatch1.2.1

wordpresswordpressMatch1.2.2

wordpresswordpressMatch1.2.3

wordpresswordpressMatch1.2.4

wordpresswordpressMatch1.2.5

wordpresswordpressMatch1.2.5a

wordpresswordpressMatch1.3

wordpresswordpressMatch1.3.2

wordpresswordpressMatch1.3.3

wordpresswordpressMatch1.5

wordpresswordpressMatch1.5.1

wordpresswordpressMatch1.5.1.1

wordpresswordpressMatch1.5.1.2

wordpresswordpressMatch1.5.1.3

wordpresswordpressMatch1.5.2

wordpresswordpressMatch2.0

wordpresswordpressMatch2.0.1

wordpresswordpressMatch2.0.2

wordpresswordpressMatch2.0.4

wordpresswordpressMatch2.0.5

wordpresswordpressMatch2.0.6

wordpresswordpressMatch2.0.7

wordpresswordpressMatch2.0.8

wordpresswordpressMatch2.0.9

wordpresswordpressMatch2.0.10

wordpresswordpressMatch2.0.11

wordpresswordpressMatch2.1

wordpresswordpressMatch2.1.1

wordpresswordpressMatch2.1.2

wordpresswordpressMatch2.1.3

wordpresswordpressMatch2.2

wordpresswordpressMatch2.2.1

wordpresswordpressMatch2.2.2

wordpresswordpressMatch2.2.3

wordpresswordpressMatch2.3

wordpresswordpressMatch2.3.1

wordpresswordpressMatch2.3.2

wordpresswordpressMatch2.3.3

wordpresswordpressMatch2.5

wordpresswordpressMatch2.5.1

wordpresswordpressMatch2.6

wordpresswordpressMatch2.6.1

wordpresswordpressMatch2.6.2

wordpresswordpressMatch2.6.3

wordpresswordpressMatch2.6.5

wordpresswordpressMatch2.7

wordpresswordpressMatch2.7.1

wordpresswordpressMatch2.8

wordpresswordpressMatch2.8.1

wordpresswordpressMatch2.8.2

wordpresswordpressMatch2.8.3

wordpresswordpressMatch2.8.4

wordpresswordpressMatch2.8.4a

wordpresswordpressMatch2.8.5

wordpresswordpressMatch2.8.5.1

wordpresswordpressMatch2.8.5.2

wordpresswordpressMatch2.8.6

wordpresswordpressMatch2.9

wordpresswordpressMatch2.9.1

wordpresswordpressMatch2.9.1.1

wordpresswordpressMatch2.9.2

wordpresswordpressMatch3.0

wordpresswordpressMatch3.0.1

wordpresswordpressMatch3.0.2

wordpresswordpressMatch3.0.3

wordpresswordpressMatch3.0.4

wordpresswordpressMatch3.0.5

wordpresswordpressMatch3.0.6

wordpresswordpressMatch3.1

wordpresswordpressMatch3.1.1

wordpresswordpressMatch3.1.2

wordpresswordpressMatch3.1.3

wordpresswordpressMatch3.3

CPENameOperatorVersion
moxiecode:pluploadmoxiecode pluploadle1.5.3
moxiecode:pluploadmoxiecode pluploadeq1.4.0
moxiecode:pluploadmoxiecode pluploadeq1.4.1
moxiecode:pluploadmoxiecode pluploadeq1.4.2
moxiecode:pluploadmoxiecode pluploadeq1.4.3
moxiecode:pluploadmoxiecode pluploadeq1.5.0
moxiecode:pluploadmoxiecode pluploadeq1.5.1
moxiecode:pluploadmoxiecode pluploadeq1.5.2
wordpress:wordpresswordpressle3.3.1
wordpress:wordpresswordpresseq0.71

CPE	Name	Operator	Version
moxiecode:plupload	moxiecode plupload	le	1.5.3
moxiecode:plupload	moxiecode plupload	eq	1.4.0
moxiecode:plupload	moxiecode plupload	eq	1.4.1
moxiecode:plupload	moxiecode plupload	eq	1.4.2
moxiecode:plupload	moxiecode plupload	eq	1.4.3
moxiecode:plupload	moxiecode plupload	eq	1.5.0
moxiecode:plupload	moxiecode plupload	eq	1.5.1
moxiecode:plupload	moxiecode plupload	eq	1.5.2
wordpress:wordpress	wordpress	le	3.3.1
wordpress:wordpress	wordpress	eq	0.71