VDB

DEBIAN-CVE-2015-3439

DEBIAN-CVE-2015-3439 PUBLISHED CVSS 8.5 HIGH

Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.

Risk Scores

CVSS 4.0
8.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
Debian:11wordpress0, 0, 0
Debian:12wordpress0, 0, 0
Debian:14wordpress0
Debian:13wordpress0, 0, 0

Timeline

  • Aug 5, 2015 CVE Published
  • May 7, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›