Vulnerabilities > Plupload

DATE CVE VULNERABILITY TITLE RISK
2016-05-22 CVE-2016-4566 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
network
low complexity
wordpress plupload CWE-79
6.1