Candidate: CVE-2012-2401
PublicDate: 2012-04-21 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2401
 http://wordpress.org/news/2012/04/wordpress-3-3-2/
 http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487
 http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487
Description:
 Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress
 before 3.3.2 and other products, enables scripting regardless of the domain
 from which the SWF content was loaded, which allows remote attackers to
 bypass the Same Origin Policy via crafted content.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_wordpress:
 upstream: http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487
upstream_wordpress: needed
hardy_wordpress: ignored (reached end-of-life)
lucid_wordpress: ignored (reached end-of-life)
natty_wordpress: ignored (reached end-of-life)
oneiric_wordpress: ignored (reached end-of-life)
precise_wordpress: ignored (reached end-of-life)
precise/esm_wordpress: DNE (precise was needed)
quantal_wordpress: not-affected (3.3.2+dfsg-1)
raring_wordpress: not-affected (3.3.2+dfsg-1)
saucy_wordpress: not-affected (3.3.2+dfsg-1)
trusty_wordpress: not-affected (3.3.2+dfsg-1)
trusty/esm_wordpress: DNE (trusty was not-affected [3.3.2+dfsg-1])
utopic_wordpress: not-affected (3.3.2+dfsg-1)
vivid_wordpress: not-affected (3.3.2+dfsg-1)
vivid/stable-phone-overlay_wordpress: DNE
vivid/ubuntu-core_wordpress: DNE
wily_wordpress: not-affected (3.3.2+dfsg-1)
xenial_wordpress: not-affected (3.3.2+dfsg-1)
yakkety_wordpress: not-affected (3.3.2+dfsg-1)
zesty_wordpress: not-affected (3.3.2+dfsg-1)
devel_wordpress: not-affected (3.3.2+dfsg-1)