5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
Plupload is vulnerable to same origin policy bypass. Overly permissive Flash allows scripts from any domain to be run, allowing remote attackers to bypass the same origin policy via crafted swf
content.
core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487
core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487
osvdb.org/81461
secunia.com/advisories/49138
wordpress.org/news/2012/04/wordpress-3-3-2/
www.debian.org/security/2012/dsa-2470
www.plupload.com/punbb/viewtopic.php?id=1685
www.securityfocus.com/bid/53192
exchange.xforce.ibmcloud.com/vulnerabilities/75208
github.com/moxiecode/plupload/commit/1fc3a509d74819d1b42b1674d97b34f6b04b7015
nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/