Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated users with permissions to add media or edit media to inject arbitrary web script or HTML via unspecified parameters, as demonstrated by the title of an uploaded file.
References
Configurations
History
21 Nov 2024, 02:05
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/archive/1/531270/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/65715 - | |
References | () http://www.vapid.dhs.org/advisories/wordpress/plugins/MediaFileRenamer-1.7.0/index.html - Exploit |
Information
Published : 2014-03-03 18:55
Updated : 2025-04-12 10:46
NVD link : CVE-2014-2040
Mitre link : CVE-2014-2040
CVE.ORG link : CVE-2014-2040
JSON object : View
Products Affected
jordy_meow
- media_file_renamer
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')