Lucene search

K
cvelistDebianCVELIST:CVE-2015-3439
HistoryAug 05, 2015 - 10:00 a.m.

CVE-2015-3439

2015-08-0510:00:00
debian
www.cve.org
9
cross-site scripting
plupload
wordpress 3.9.x
wordpress 4.0.x
wordpress 4.1.x
remote attackers
javascript functions

AI Score

5.6

Confidence

High

EPSS

0.004

Percentile

75.2%

Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.

AI Score

5.6

Confidence

High

EPSS

0.004

Percentile

75.2%