Low severity3.5NVD Advisory· Published Apr 8, 2024· Updated Apr 15, 2026

CVE-2014-125111

Description

A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.9 is able to address this issue. The name of the patch is a07b7b08084b9b85859f3968ce7fde0fd1fcbba3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259628.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting vulnerability in Wp-Insert WordPress plugin up to 2.0.8 allows remote attackers to inject arbitrary web scripts or HTML.

A cross-site scripting (XSS) vulnerability has been discovered in the Wp-Insert WordPress plugin, affecting versions up to and including 2.0.8. The issue stems from improper sanitization of user-supplied input within an unknown functionality, allowing attackers to inject malicious scripts.

Exploitation can be performed remotely without authentication, making it accessible to any external attacker. The vulnerability is triggered when a victim views a crafted page or content processed by the affected plugin, leading to script execution in their browser context.

Successful exploitation enables an attacker to execute arbitrary JavaScript, potentially leading to session hijacking, defacement, or redirection to malicious sites. The impact is limited by the low privileges required, but still poses a risk to site visitors.

The vulnerability has been addressed in version 2.0.9 of the plugin. The fix is contained in commit a07b7b08084b9b85859f3968ce7fde0fd1fcbba3 [1]. Users are strongly advised to upgrade to the latest version to mitigate the risk.

References

XSS Exploit Fix. · wp-plugins/wp-insert@a07b7b0

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Wp Plugins/Wp Insertreferences
WordPress/Wp Insertllm-fuzzy
Range: <=2.0.8
Package: https://wordpress.org/plugins/wp-insert

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.227
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000