5

CVE-2012-2401

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

Data is provided by the National Vulnerability Database (NVD)
MoxiecodePlupload Version <= 1.5.3
MoxiecodePlupload Version1.4.0
MoxiecodePlupload Version1.4.1
MoxiecodePlupload Version1.4.2
MoxiecodePlupload Version1.4.3
MoxiecodePlupload Version1.5.0
MoxiecodePlupload Version1.5.0 Updatebeta
MoxiecodePlupload Version1.5.1
MoxiecodePlupload Version1.5.2
WordpressWordpress Version <= 3.3.1
WordpressWordpress Version0.71
WordpressWordpress Version1.0
WordpressWordpress Version1.0.1
WordpressWordpress Version1.0.2
WordpressWordpress Version1.1.1
WordpressWordpress Version1.2
WordpressWordpress Version1.2.1
WordpressWordpress Version1.2.2
WordpressWordpress Version1.2.3
WordpressWordpress Version1.2.4
WordpressWordpress Version1.2.5
WordpressWordpress Version1.2.5 Updatea
WordpressWordpress Version1.3
WordpressWordpress Version1.3.2
WordpressWordpress Version1.3.3
WordpressWordpress Version1.5
WordpressWordpress Version1.5.1
WordpressWordpress Version1.5.1.1
WordpressWordpress Version1.5.1.2
WordpressWordpress Version1.5.1.3
WordpressWordpress Version1.5.2
WordpressWordpress Version2.0
WordpressWordpress Version2.0.1
WordpressWordpress Version2.0.2
WordpressWordpress Version2.0.4
WordpressWordpress Version2.0.5
WordpressWordpress Version2.0.6
WordpressWordpress Version2.0.7
WordpressWordpress Version2.0.8
WordpressWordpress Version2.0.9
WordpressWordpress Version2.0.10
WordpressWordpress Version2.0.11
WordpressWordpress Version2.1
WordpressWordpress Version2.1.1
WordpressWordpress Version2.1.2
WordpressWordpress Version2.1.3
WordpressWordpress Version2.2
WordpressWordpress Version2.2.1
WordpressWordpress Version2.2.2
WordpressWordpress Version2.2.3
WordpressWordpress Version2.3
WordpressWordpress Version2.3.1
WordpressWordpress Version2.3.2
WordpressWordpress Version2.3.3
WordpressWordpress Version2.5
WordpressWordpress Version2.5.1
WordpressWordpress Version2.6
WordpressWordpress Version2.6.1
WordpressWordpress Version2.6.2
WordpressWordpress Version2.6.3
WordpressWordpress Version2.6.5
WordpressWordpress Version2.7
WordpressWordpress Version2.7.1
WordpressWordpress Version2.8
WordpressWordpress Version2.8.1
WordpressWordpress Version2.8.2
WordpressWordpress Version2.8.3
WordpressWordpress Version2.8.4
WordpressWordpress Version2.8.4 Updatea
WordpressWordpress Version2.8.5
WordpressWordpress Version2.8.5.1
WordpressWordpress Version2.8.5.2
WordpressWordpress Version2.8.6
WordpressWordpress Version2.9
WordpressWordpress Version2.9.1
WordpressWordpress Version2.9.1.1
WordpressWordpress Version2.9.2
WordpressWordpress Version3.0
WordpressWordpress Version3.0.1
WordpressWordpress Version3.0.2
WordpressWordpress Version3.0.3
WordpressWordpress Version3.0.4
WordpressWordpress Version3.0.5
WordpressWordpress Version3.0.6
WordpressWordpress Version3.1
WordpressWordpress Version3.1.1
WordpressWordpress Version3.1.2
WordpressWordpress Version3.1.3
WordpressWordpress Version3.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.04% 0.767
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N