Description
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Remediation
References
Related Vulnerabilities
TYPO3 Improper Authentication Vulnerability (CVE-2014-3945)
WordPress Plugin Visual Email Designer for WooCommerce SQL Injection (1.7.1)
WordPress Plugin Newsletters Cross-Site Scripting (4.6.18)
WordPress Plugin Dropdown Menu Widget Cross-Site Request Forgery (1.9.1)
WordPress Plugin Albo Pretorio On line Multiple Vulnerabilities (3.2)