SWFUpload - Cross-Site Scripting (XSS)

Affects

Plugins apptha-banner
apptha-slider-gallery
blaze-slide-show-for-wordpress
fluid-accessible-rich-inline-edit
fluid-accessible-pager
fluid-accessible-uploader
fluid-accessible-ui-options
fresh-page
pdw-file-browser
power-zoomer
slide-show-pro
smart-slide-show
spotlightyour
sprapid
wp-3dbanner-rotator
wp-3dflick-slideshow
wp-bliss-gallery
wp-carouselslideshow
wp-dreamworkgallery
wp-ecommerce-cvs-importer
wp-extended
wp-flipslideshow
wp-homepage-slideshow
wp-image-news-slider
wp-levoslideshow
wp-matrix-gallery
wp-powerplaygallery
wp-royal-gallery
wp-superb-slideshow
wp-vertical-gallery
wp-yasslideshow
pica-photo-gallery
mac-dock-gallery
flash-album-gallery (fixed in version 2.12)
dm-albums

References

URL http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
URL http://seclists.org/fulldisclosure/2012/Nov/51
URL https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/

Classification

Type XSS
OWASP Top 10 A3: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Verified No
WPVDB ID 6107

Timeline

Added 2014-08-01 (over 2 years ago)
Last Updated 2016-07-27 (4 months ago)

Copyright & License

Copyright All data and resources contained within this page and this web site are Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes; however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license, please contact us.