Vulnerabilities > Wordpress > Wordpress > 3.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-04-21 | CVE-2012-2401 | Permissions, Privileges, and Access Controls vulnerability in multiple products Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content. | 5.0 |
2012-04-21 | CVE-2012-2400 | Remote vulnerability in WordPress Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors. | 10.0 |
2012-04-21 | CVE-2012-2399 | Remote vulnerability in WordPress Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414. | 10.0 |
2012-01-06 | CVE-2012-0287 | Cross-Site Scripting vulnerability in Wordpress 3.3 Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature. | 2.6 |