Moxiecode Plupload vulnerabilities
2 known vulnerabilities affecting moxiecode/plupload.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2013-0237MEDIUMCVSS 4.3≤ 1.5.4v1.4.0+7 more2013-07-08
CVE-2013-0237 [MEDIUM] CWE-79 CVE-2013-0237: Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
nvd
CVE-2012-2401MEDIUMCVSS 5.0≤ 1.5.3v1.4.0+6 more2012-04-21
CVE-2012-2401 [MEDIUM] CWE-264 CVE-2012-2401: Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other produ
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.
nvd