VIR Vulnerability Intelligence Relay

CVE-2012-2399

critical
Published 2012-04-21 · Modified 2026-04-29
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-2399

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://wordpress.org/news/2012/04/wordpress-3-3-2/

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed3.3.2+dfsg-1
debian debianbullseyefixed3.3.2+dfsg-1
debian debianforkyfixed3.3.2+dfsg-1
debian debiansidfixed3.3.2+dfsg-1
debian debiantrixiefixed3.3.2+dfsg-1

Application impact
VendorProductVersionsFixed
wordpresswordpress{"endIncluding":"3.3.1"}
wordpresswordpress0.71
wordpresswordpress1.0
wordpresswordpress1.0.1
wordpresswordpress1.0.2
wordpresswordpress1.1.1
wordpresswordpress1.2
wordpresswordpress1.2.1
wordpresswordpress1.2.2
wordpresswordpress1.2.3
wordpresswordpress1.2.4
wordpresswordpress1.2.5
wordpresswordpress1.3
wordpresswordpress1.3.2
wordpresswordpress1.3.3
wordpresswordpress1.5
wordpresswordpress1.5.1
wordpresswordpress1.5.1.1
wordpresswordpress1.5.1.2
wordpresswordpress1.5.1.3
wordpresswordpress1.5.2
wordpresswordpress2.0
wordpresswordpress2.0.1
wordpresswordpress2.0.2
wordpresswordpress2.0.4
wordpresswordpress2.0.5
wordpresswordpress2.0.6
wordpresswordpress2.0.7
wordpresswordpress2.0.8
wordpresswordpress2.0.9
wordpresswordpress2.0.10
wordpresswordpress2.0.11
wordpresswordpress2.1
wordpresswordpress2.1.1
wordpresswordpress2.1.2
wordpresswordpress2.1.3
wordpresswordpress2.2
wordpresswordpress2.2.1
wordpresswordpress2.2.2
wordpresswordpress2.2.3
wordpresswordpress2.3
wordpresswordpress2.3.1
wordpresswordpress2.3.2
wordpresswordpress2.3.3
wordpresswordpress2.5
wordpresswordpress2.5.1
wordpresswordpress2.6
wordpresswordpress2.6.1
wordpresswordpress2.6.2
wordpresswordpress2.6.3
wordpresswordpress2.6.5
wordpresswordpress2.7
wordpresswordpress2.7.1
wordpresswordpress2.8
wordpresswordpress2.8.1
wordpresswordpress2.8.2
wordpresswordpress2.8.3
wordpresswordpress2.8.4
wordpresswordpress2.8.5
wordpresswordpress2.8.5.1
wordpresswordpress2.8.5.2
wordpresswordpress2.8.6
wordpresswordpress2.9
wordpresswordpress2.9.1
wordpresswordpress2.9.1.1
wordpresswordpress2.9.2
wordpresswordpress3.0
wordpresswordpress3.0.1
wordpresswordpress3.0.2
wordpresswordpress3.0.3
wordpresswordpress3.0.4
wordpresswordpress3.0.5
wordpresswordpress3.0.6
wordpresswordpress3.1
wordpresswordpress3.1.1
wordpresswordpress3.1.2
wordpresswordpress3.1.3
wordpresswordpress3.3

References

Verify integrity in audit chain (admin only). AS-IS.