CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-3439

Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.3%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2015-3439

Wordpress » Wordpress » Version: 3.9.0

cpe:2.3:a:wordpress:wordpress:3.9.0
Wordpress » Wordpress » Version: 3.9.1

cpe:2.3:a:wordpress:wordpress:3.9.1
Wordpress » Wordpress » Version: 3.9.2

cpe:2.3:a:wordpress:wordpress:3.9.2
Wordpress » Wordpress » Version: 3.9.3

cpe:2.3:a:wordpress:wordpress:3.9.3
Wordpress » Wordpress » Version: 4.0

cpe:2.3:a:wordpress:wordpress:4.0
Wordpress » Wordpress » Version: 4.0.1

cpe:2.3:a:wordpress:wordpress:4.0.1
Wordpress » Wordpress » Version: 4.1

cpe:2.3:a:wordpress:wordpress:4.1
Wordpress » Wordpress » Version: 4.1.1

cpe:2.3:a:wordpress:wordpress:4.1.1
Debian » Debian Linux » Version: 7.0

cpe:2.3:o:debian:debian_linux:7.0
Debian » Debian Linux » Version: 8.0

cpe:2.3:o:debian:debian_linux:8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-3439

Products

Pricing

Contact Us