VYPR

Plupload

by Moxiecode

Source repositories

CVEs (3)

  • CVE-2021-23673MedNov 22, 2021
    risk 0.35cvss 5.4epss 0.01

    This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed.

  • CVE-2013-0237Jul 8, 2013
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.

  • CVE-2012-2401Apr 21, 2012
    risk 0.00cvss epss 0.05

    Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.