CVE-2013-0237

Moxiecode Plupload < 1.5.4 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.

References (4)

Scores

EPSS 0.0043
EPSS Percentile 62.2%

Details

CWE
CWE-79
Status published
Products (50)
moxiecode/plupload < 1.5.4
moxiecode/plupload
moxiecode/plupload
moxiecode/plupload
moxiecode/plupload
moxiecode/plupload
moxiecode/plupload
moxiecode/plupload
moxiecode/plupload
moxiecode/plupload
... and 40 more
Published Jul 08, 2013
Tracked Since Feb 18, 2026