CVE-2015-3439
EPSS 3.1%
Description
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.
How to fix CVE-2015-3439
To remediate CVE-2015-3439, upgrade the affected package to the fixed version listed below.
- Debian/wordpress: upgrade to 4.2+dfsg-1 or later
Is CVE-2015-3439 being exploited?
Low — EPSS is 3.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/wordpress: from 0, < 4.2+dfsg-1