Description

Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.

Remediation

References

CVE-2015-3439

Related Vulnerabilities

WordPress Plugin Attachment Manager Arbitrary File Upload (2.1.1)

WordPress Plugin Wow Viral Signups SQL Injection (2.1)

Seo Panel Observable Discrepancy Vulnerability (CVE-2024-22647)

e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4947)

Jboss EAP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-3878)

Severity

Medium

Classification

CVE-2015-3439 CWE-707

Tags

Missing Update Known Vulnerabilities