CVE-2014-4535
CVE-2014-4535
Vexday Risk Score
40Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 4.0%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
27 Dec 2019Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
Affected products
n/a · n/a