Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x prior to 4.1.2 and other products, allows remote malicious users to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 8.0 |
||
debian debian linux 7.0 |
||
wordpress wordpress 3.9.3 |
||
wordpress wordpress 4.0 |
||
wordpress wordpress 3.9.0 |
||
wordpress wordpress 4.1.1 |
||
wordpress wordpress 3.9.1 |
||
wordpress wordpress 3.9.2 |
||
wordpress wordpress 4.0.1 |
||
wordpress wordpress 4.1 |