CVE-2014-4535

Name of the Vulnerable Software and Affected Versions Import Legacy Media plugin versions 0.1 and earlier for WordPress

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the filename parameter to "getid3/demos/demo.mimeonly.php".

Recommendations For Import Legacy Media plugin versions 0.1 and earlier, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the "getid3/demos/demo.mimeonly.php" endpoint to minimize the risk of XSS attacks. Avoid using the filename parameter in the affected endpoint until the issue is resolved.