Description
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin GD Rating System Unspecified Vulnerability (2.6)
WordPress Plugin Better WordPress reCAPTCHA (with no CAPTCHA reCAPTCHA) Cross-Site Scripting (2.0.3)
Jetty Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-22201)
WordPress Plugin VideoWhisper Video Presentation 'vw_upload.php' Arbitrary File Upload (3.17)
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3717)