CVE-2012-2401
EPSS 1.0%
描述
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.
如何修補 CVE-2012-2401
要修補 CVE-2012-2401,請將受影響套件升級到下列已修補版本。
- Debian/wordpress—升級至 3.3.2+dfsg-1 或更新版本
CVE-2012-2401 正在被利用嗎?
低 — EPSS 為 1.0%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- from 0, < 3.3.2+dfsg-1