In all libraries SWFUpload (22.214.171.124, probably earlier versions + version Beta), Plupload of the version is lower 1.5.4(?) is found by XSS (in SWFUpload) and CSRF (in Plupload) vulnerability!
Hash sum vulnerable file swfupload.swf
Hash sum file bugfixed swfupload.swf:
SHA-1: 7156a56ffa8a90589951637c8c2833e84f3e8d4b https://nealpoole.com/blog/2012/05/x...load-plupload/