Medium severity6.1NVD Advisory· Published Dec 27, 2019· Updated Jun 17, 2026
CVE-2014-4535
CVE-2014-4535
Description
Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Import Legacy Media plugindescription
- Range: <=0.1
Patches
Vulnerability mechanics
References
1- codevigilant.com/disclosure/wp-plugin-import-legacy-media-a3-cross-site-scripting-xssnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.