Log out
Get PRO

Latest

Input validation vulnerability in SWFUpload (40 plugins affected)

  • Severity: medium-risk
  • Status: Open
  • Publication: November 9, 2012

Cross-site scripting (XSS) is a type of vulnerability that allows attackers to inject malicious code into webpages. In the case of SWFUpload 2.2.0.1 and earlier, WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, the vulnerability allows an attacker to inject web script or HTML into a webpage through the movieName parameter, related to the “ExternalInterface.call” function.

Detected in:

Album and Image Gallery with Lightbox – Flagallery Photo Portfolio fixed vulnerable versions: >= * < 2.12
apptha-banner fixed vulnerable versions: >= * <= *
fluid-accessible-pager fixed vulnerable versions: >= * <= *
fluid-accessible-rich-inline-edit fixed vulnerable versions: >= * <= *
fluid-accessible-ui-options fixed vulnerable versions: >= * <= *
fluid-accessible-uploader fixed vulnerable versions: >= * <= *
fresh-page fixed vulnerable versions: >= * <= *
mac-dock-photogallery fixed vulnerable versions: >= * <= 1.0
NextGEN Gallery – Create an Amazing Photo Gallery in Seconds fixed vulnerable versions:
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery fixed vulnerable versions:
sprapid fixed vulnerable versions: >= * <= *
WordPress fixed vulnerable versions: >= * < 3.3.2
WordPress Gallery Plugin – NextGEN Gallery fixed vulnerable versions: >= * <= 1.9.6
wp-ecommerce-cvs-importer fixed vulnerable versions: >= * <= *
wp-extended fixed vulnerable versions: >= * <= *
3D Flick Slideshow open vulnerable versions: >= * <= 2.2
apptha-slider-gallery open vulnerable versions: >= * <= *
Blaze Slideshow open vulnerable versions: >= * <= 2.4
Comment Extra Fields open vulnerable versions: >= * <= 1.7
dm-albums open vulnerable versions: >= * <= *
Homepage SlideShow open vulnerable versions: >= * <= 2.2
Image News Slider open vulnerable versions: >= * <= 3.4
Levo Slideshow open vulnerable versions: >= * <= 2.2
mac-dock-gallery open vulnerable versions: >= * < 3.0
MailPoet Newsletters (Previous) open vulnerable versions: >= * <= 2.1.6
PDF File Browser open vulnerable versions: >= * <= *
PICA Photo Gallery open vulnerable versions: >= * <= *
Power Zoomer open vulnerable versions: >= * <= 2.1
Powerplay Gallery open vulnerable versions: >= * < 3.2
slide-show-pro open vulnerable versions: >= * <= 2.3
Smart Slideshow open vulnerable versions: >= * <= 2.3
Spotlight open vulnerable versions: >= * < 4.4
Ultimate TinyMCE open vulnerable versions: >= * <= 3.5
wp-3dbanner-rotator open vulnerable versions: >= * <= 2.1
wp-bliss-gallery open vulnerable versions: >= * < 2.3
wp-carouselslideshow open vulnerable versions: >= * <= 3.10
wp-dreamworkgallery open vulnerable versions: >= * <= 2.2
wp-flipslideshow open vulnerable versions: >= * <= 2.1
wp-matrix-gallery open vulnerable versions: >= * <= 2.2
wp-royal-gallery open vulnerable versions: >= * <= 2.0
wp-superb-slideshow open vulnerable versions: >= * <= 2.3
wp-vertical-gallery open vulnerable versions: >= * <= 2.2
wp-yasslideshow open vulnerable versions: >= * <= 3.3

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.