Jayarjo

**Name of the Vulnerable Software and Affected Versions** Moxiecode plupload versions prior to 1.5.5 WordPress versions prior to 3.5.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `id` parameter. This can lead to the execution of malicious code on the victim's browser. **Recommendations** For Moxiecode plupload versions prior to 1.5.5, update to version 1.5.5 or later. For WordPress versions prior to 3.5.1, update to version 3.5.1 or later. As a temporary workaround, consider restricting access to the `id` parameter in the affected API endpoint until a patch is available.