Description

Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Remediation

References

CVE-2013-0237

Related Vulnerabilities

Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-1181)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Security Bypass (5.7.13)

WordPress 6.3.x Multiple Vulnerabilities (6.3 - 6.3.4)

WordPress Plugin Import any XML or CSV File to WordPress Cross-Site Scripting (3.4.6)

WordPress Plugin Yoast SEO Cross-Site Scripting (11.5)

Severity

Medium

Classification

CVE-2013-0237 CWE-707

Tags

Missing Update Known Vulnerabilities