Updated WordPress 3.5 Issues (markdown)

ethicalhack3r
2013-01-27 07:10:11 -08:00
parent 0f72e2a78b
commit e3bc479b19

@@ -28,6 +28,8 @@ Proof of Concept: ```[embed]javascript:alert(document.cookie)[/embed]```
This issue was successfully investigated by [@erwan_lr](https://twitter.com/@erwan_lr), a WPScan Team member. "[Plupload] Allows you to upload files using HTML5 Gears, Silverlight, Flash, BrowserPlus or normal forms, providing some unique features such as upload progress, image resizing and chunked uploads." [2]
The vulnerable file is included in WordPress versions 3.5, 3.4.2, 3.4.1, 3.4, 3.3.3 and 3.3.2.
Proof of Concept: ```wp-includes/js/plupload/plupload.flash.swf?id=\"));}catch(e){alert(1);}//```
## References and Further Reading
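Review bot: The Plupload entry never states what the issue is or how to remediate it. The line listing versions 3.5 through 3.3.2 only says the vulnerable file "is included", and the proof-of-concept line leaves the reader to infer from `alert(1)` in the `id` parameter of `plupload.flash.swf` that this is script injection through that parameter. Suggest adding one sentence that names the issue class and the affected parameter, and one that states the fixed release or an interim mitigation, so site owners can act on the entry. The Plupload quotation also cites "[2]", so please confirm that the References and Further Reading section carries a matching entry, since it is not visible in this hunk.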