CVE-2014-4535
MEDIUM EXPLOITED NUCLEIImport Legacy Media < 0.1 - Cross-Site Scripting via Filename Parameter
Title source: llmExploitation Summary
CVE-2014-4535 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
Nuclei Templates (1)
Import Legacy Media <= 0.1 - Cross-Site Scripting
MEDIUMby daffainfo
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
http://codevigilant.com/disclosure/wp-plugin-import-legacy-media-a3-cross-site-scripting-xss
Scores
CVSS v3
6.1
EPSS
0.0380
EPSS Percentile
88.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
VulnCheck KEV
2024-09-19
CWE
CWE-79
Status
published
Products (1)
import_legacy_media_project/import_legacy_media
< 0.1
Published
Dec 27, 2019
Tracked Since
Feb 18, 2026