CVE-2014-125090

Published: Mar 4, 2023

Modified: Mar 5, 2025

PUBLISHED

CVSS v3.1

3.5

LOW

Description

A vulnerability was found in Media Downloader Plugin 0.1.992 on WordPress. It has been declared as problematic. This vulnerability affects the function dl_file_resumable of the file getfile.php. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.1.993 is able to address this issue. The patch is identified as 77beb720c682b9300035ab5f96eee225181d8a92. It is recommended to upgrade the affected component. VDB-222262 is the identifier assigned to this vulnerability.

Vendor	Product	Versions
n/a	Media Downloader Plugin	affected `0.1.992`

Weaknesses (CWE)

CWE-79

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://vuldb.com/?id.222262

vdb-entry

technical-description

https://vuldb.com/?ctiid.222262

signature

permissions-required

https://github.com/wp-plugins/media-downloader/commit/77beb720c682b9300035ab5f96eee225181d8a92

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-125090

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References