5
CVE-2012-2401
- EPSS 5.32%
- Veröffentlicht 21.04.2012 23:55:01
- Zuletzt bearbeitet 16.06.2026 23:41:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WordPress Core <= 3.3.1 - Same Origin Policy Bypass
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.
Mögliche Gegenmaßnahme
WordPress: Update to version 3.3.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemWordPress Core
≫
Produkt
WordPress
Version
[*, 3.3.2)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.32% | 0.916 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
http://secunia.com/advisories/49138
http://www.debian.org/security/2012/dsa-2470
http://wordpress.org/news/2012/04/wordpress-3-3-2/
http://www.securityfocus.com/bid/53192
http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487
http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487
http://osvdb.org/81461
http://www.plupload.com/punbb/viewtopic.php?id=1685
https://exchange.xforce.ibmcloud.com/vulnerabilities/75208
https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
https://www.wordfence.com/threat-intel/vulnerabilities/id/1ab4dc20-ce50-4ad0-aff4-9fc529d1911f