CVE-2012-2401

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487
http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487
http://osvdb.org/81461
http://secunia.com/advisories/49138	Vendor Advisory
http://wordpress.org/news/2012/04/wordpress-3-3-2/	Patch Vendor Advisory
http://www.debian.org/security/2012/dsa-2470
http://www.plupload.com/punbb/viewtopic.php?id=1685
http://www.securityfocus.com/bid/53192
https://exchange.xforce.ibmcloud.com/vulnerabilities/75208
https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487
http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487
http://osvdb.org/81461
http://secunia.com/advisories/49138	Vendor Advisory
http://wordpress.org/news/2012/04/wordpress-3-3-2/	Patch Vendor Advisory
http://www.debian.org/security/2012/dsa-2470
http://www.plupload.com/punbb/viewtopic.php?id=1685
http://www.securityfocus.com/bid/53192
https://exchange.xforce.ibmcloud.com/vulnerabilities/75208
https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moxiecode:plupload::::::::
	cpe:2.3:a:moxiecode:plupload:1.4.0:::::::*
	cpe:2.3:a:moxiecode:plupload:1.4.1:::::::*
	cpe:2.3:a:moxiecode:plupload:1.4.2:::::::*
	cpe:2.3:a:moxiecode:plupload:1.4.3:::::::*
	cpe:2.3:a:moxiecode:plupload:1.5.0:::::::*
	cpe:2.3:a:moxiecode:plupload:1.5.0:beta::::::
	cpe:2.3:a:moxiecode:plupload:1.5.1:::::::*
	cpe:2.3:a:moxiecode:plupload:1.5.2:::::::*
	cpe:2.3:a:wordpress:wordpress::::::::
	cpe:2.3:a:wordpress:wordpress:0.71:::::::*
	cpe:2.3:a:wordpress:wordpress:1.0:::::::*
	cpe:2.3:a:wordpress:wordpress:1.0.1:::::::*
	cpe:2.3:a:wordpress:wordpress:1.0.2:::::::*
	cpe:2.3:a:wordpress:wordpress:1.1.1:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2.1:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2.2:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2.3:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2.4:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2.5:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2.5:a::::::
	cpe:2.3:a:wordpress:wordpress:1.3:::::::*
	cpe:2.3:a:wordpress:wordpress:1.3.2:::::::*
	cpe:2.3:a:wordpress:wordpress:1.3.3:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5.1:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5.1.1:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5.1.2:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5.1.3:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.4:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.5:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.6:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.7:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.8:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.9:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.10:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.11:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.2.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.2.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.2.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.3.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.3.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.3.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.5:::::::*
	cpe:2.3:a:wordpress:wordpress:2.5.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.6:::::::*
	cpe:2.3:a:wordpress:wordpress:2.6.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.6.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.6.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.6.5:::::::*
	cpe:2.3:a:wordpress:wordpress:2.7:::::::*
	cpe:2.3:a:wordpress:wordpress:2.7.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.8:::::::*
cpe:2.3:a:wordpress:wordpress:2.8.1:::::::*
cpe:2.3:a:wordpress:wordpress:2.8.2:::::::*
cpe:2.3:a:wordpress:wordpress:2.8.3:::::::*
cpe:2.3:a:wordpress:wordpress:2.8.4:::::::*
cpe:2.3:a:wordpress:wordpress:2.8.4:a::::::
cpe:2.3:a:wordpress:wordpress:2.8.5:::::::*
cpe:2.3:a:wordpress:wordpress:2.8.5.1:::::::*
cpe:2.3:a:wordpress:wordpress:2.8.5.2:::::::*
cpe:2.3:a:wordpress:wordpress:2.8.6:::::::*
cpe:2.3:a:wordpress:wordpress:2.9:::::::*
cpe:2.3:a:wordpress:wordpress:2.9.1:::::::*
cpe:2.3:a:wordpress:wordpress:2.9.1.1:::::::*
cpe:2.3:a:wordpress:wordpress:2.9.2:::::::*
cpe:2.3:a:wordpress:wordpress:3.0:::::::*
cpe:2.3:a:wordpress:wordpress:3.0.1:::::::*
cpe:2.3:a:wordpress:wordpress:3.0.2:::::::*
cpe:2.3:a:wordpress:wordpress:3.0.3:::::::*
cpe:2.3:a:wordpress:wordpress:3.0.4:::::::*
cpe:2.3:a:wordpress:wordpress:3.0.5:::::::*
cpe:2.3:a:wordpress:wordpress:3.0.6:::::::*
cpe:2.3:a:wordpress:wordpress:3.1:::::::*
cpe:2.3:a:wordpress:wordpress:3.1.1:::::::*
cpe:2.3:a:wordpress:wordpress:3.1.2:::::::*
cpe:2.3:a:wordpress:wordpress:3.1.3:::::::*
cpe:2.3:a:wordpress:wordpress:3.3:::::::*

History

21 Nov 2024, 01:39

Type	Values Removed	Values Added
References	~~() http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487 -~~	() http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487 -
References	~~() http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487 -~~	() http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487 -
References	~~() http://osvdb.org/81461 -~~	() http://osvdb.org/81461 -
References	~~() http://secunia.com/advisories/49138 - Vendor Advisory~~	() http://secunia.com/advisories/49138 - Vendor Advisory
References	~~() http://wordpress.org/news/2012/04/wordpress-3-3-2/ - Patch, Vendor Advisory~~	() http://wordpress.org/news/2012/04/wordpress-3-3-2/ - Patch, Vendor Advisory
References	~~() http://www.debian.org/security/2012/dsa-2470 -~~	() http://www.debian.org/security/2012/dsa-2470 -
References	~~() http://www.plupload.com/punbb/viewtopic.php?id=1685 -~~	() http://www.plupload.com/punbb/viewtopic.php?id=1685 -
References	~~() http://www.securityfocus.com/bid/53192 -~~	() http://www.securityfocus.com/bid/53192 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/75208 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/75208 -
References	~~() https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/ -~~	() https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/ -

Information

Published : 2012-04-21 23:55

Updated : 2024-11-21 01:39

NVD link : CVE-2012-2401

Mitre link : CVE-2012-2401

CVE.ORG link : CVE-2012-2401

JSON object : View

Products Affected

moxiecode

plupload

wordpress

wordpress

CWE

CWE-264

Permissions, Privileges, and Access Controls

5.0 /10