Home > Vulnerability Database > CVE-2012-2401

Mend.io Vulnerability Database

CVE-2012-2401

Date: April 21, 2012

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

Language: PHP

Severity Score

5.3

Related Resources (12)

Url: http://www.debian.org/security/2012/dsa-2470

Url: http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487

Url: http://www.securityfocus.com/bid/53192

Url: http://osvdb.org/81461

Url: http://wordpress.org/news/2012/04/wordpress-3-3-2/

Url: http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487

Url: https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/75208

Url: http://www.plupload.com/punbb/viewtopic.php?id=1685

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-2401

Url: http://secunia.com/advisories/49138

Url: https://www.mend.io/vulnerability-database/CVE-2012-2401

Severity Score

5.3

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-2401

Date: April 21, 2012

Language: PHP

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?