Description
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin Stallion WordPress SEO Cross-Site Scripting (2.0)
WordPress Plugin Product Catalog Arbitrary File Upload (3.1.1)
WordPress Plugin Page Animations And Transitions Unspecified Vulnerability (2.1.8)
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4223)
WordPress Plugin Carousel slideshow 'upload.php' Arbitrary File Upload (3.9)