Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plupload plupload vulnerabilities and exploits
(subscribe to this query)
384
VMScore
CVE-2016-4566
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload prior to 2.1.9, as used in WordPress prior to 4.5.2, allows remote malicious users to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
Wordpress Wordpress
Plupload Plupload
4 Github repositories
605
VMScore
CVE-2021-23562
This affects the package plupload prior to 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.
Tiny Plupload
383
VMScore
CVE-2013-0237
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload prior to 1.5.5, as used in WordPress prior to 3.5.1 and other products, allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.3.2
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.6.1
Wordpress Wordpress 2.6
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.0
Wordpress Wordpress 2.7
Wordpress Wordpress 2.9
Wordpress Wordpress 2.9.1
Wordpress Wordpress 2.6.5
Wordpress Wordpress 1.6.2
Wordpress Wordpress 1.5.2
Wordpress Wordpress 1.5
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.3
Wordpress Wordpress 1.3.2
Wordpress Wordpress 0.71
Moxiecode Plupload
Wordpress Wordpress
445
VMScore
CVE-2012-2401
Plupload prior to 1.5.4, as used in wp-includes/js/plupload/ in WordPress prior to 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote malicious users to bypass the Same Origin Policy via crafted content.
Wordpress Wordpress
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.2
Wordpress Wordpress 2.0
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.1
Wordpress Wordpress 2.8.1
Wordpress Wordpress 2.8.2
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.3.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.7
Wordpress Wordpress 3.0.3
Wordpress Wordpress 2.3.3
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.2.2
Wordpress Wordpress 3.0.1
578
VMScore
CVE-2018-16388
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote malicious users to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
E107 E107 2.1.8
383
VMScore
CVE-2015-3439
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x prior to 4.1.2 and other products, allows remote malicious users to execute same-origin JavaScript functions via the ...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Wordpress Wordpress 3.9.3
Wordpress Wordpress 4.0
Wordpress Wordpress 3.9.0
Wordpress Wordpress 4.1.1
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0.1
Wordpress Wordpress 4.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started