CVE-2012-2401
EPSS 1.0%
Description
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.
How to fix CVE-2012-2401
To remediate CVE-2012-2401, upgrade the affected package to the fixed version listed below.
- Debian/wordpress: upgrade to 3.3.2+dfsg-1 or later
Is CVE-2012-2401 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.3.2+dfsg-1