Skip to main content

Plupload

4 CVEs product

Monthly

CVE-2021-23562 npm HIGH PATCH This Week

This affects the package plupload before 2.3.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Plupload
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2016-4566 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress Plupload
NVD GitHub
CVSS 3.0
6.1
EPSS
4.7%
CVE-2013-0237 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

WordPress XSS Plupload Fedora
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-2401 MEDIUM PATCH This Month

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

WordPress Privilege Escalation Plupload
NVD
CVSS 2.0
5.0
EPSS
1.0%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

This affects the package plupload before 2.3.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Plupload
NVD GitHub
EPSS 5% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress Plupload
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

WordPress XSS Plupload +1
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

WordPress Privilege Escalation Plupload
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy