CVSSv3 score: 6.1

CVE-2016-4566

Published: 22/05/2016 Updated: 02/12/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload prior to 2.1.9, as used in WordPress prior to 4.5.2, allows remote malicious users to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.

Vulnerable Products

wordpress wordpress

plupload plupload

Vendor Advisories

Debian Bug report logs - #823640 wordpress: CVE-2016-4566: Reflected XSS in Plupload and mediaelement. Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon). Reported by: Craig Small <csmall@debian.org>. Date: Fri, 6 May 2016 21:48:0 ...

Github Repositories

CodePathweek7 Project 7 - WordPress Pentesting. Time spent: 10 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pentesting Report CVE-2016-4566 Summary: Vulnerability types: WordPress <= 4.5.1 - Plupload Same Origin Method Execution (SOME). Tested in version: 3.1.1. Fixed in version: 4.5.2

Week 7 Assignment - WordPress vs. Kali

Project 7 - WordPress Pentesting. Time spent: 5 hours spent in total. Objective: Find, analyze, recreate, and document 3 affecting an old version of WordPress. Version of WordPress Tested: 4.2. Vulnerability 1 - Legacy Theme Preview Cross-Site Scripting (XSS). Steps to reproduce: Go to any post. Paste the following as a comment: <a href='/wp-admin/' title="

Experimenting with Kali Linux tools to exploit vulnerabilities in WordPress

Project 7 - WordPress Pentesting. Time spent: 5 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pentesting Report (Required) WordPress 4.0-4.2.8 - Plupload Same-Origin Method Execution (SOME) attack. Summary: a. cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4566 b. wpvulndb.co

Project 7 - WordPress Pentesting. Time spent: 15 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pentesting Report 1. CVE-2017-6817: Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds. Summary: Vulnerability types: XSS. Tested in version: 4116. Fixed in version: 603 GIF W