← back
CVE-2014-4535

CVE-2014-4535

EPSS 4.0%◆ VulnCheck KEV
Vexday Risk Score
40Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 4.0%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
27 Dec 2019Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
Affected products
n/a · n/a