ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP REST API Plugin <= 1.1 - JSONP SOP Bypass

Product
WP REST API
Description
Because of this vulnerability, it is possible to serve up arbitrary Flash SWF files from the API. These Flash files bypass browser cross-origin domain policies.
Solution
Upgrade the plugin.
Classification
Type BYPASS
References
WordPress
CVE
Name CVE-N/A
Versions
Affected In <= 1.1
Fixed In 1.1.1
Disclosure date
2014-06-26
Submitter
ThreatPress