PT-2023-10158 · Unknown · Media Downloader Plugin
Published 2023-03-04 · Updated 2024-05-17 · CVE-2014-125090
CVSS v2.0: 4.0 Medium (AV:N/AC:L/Au:S/C:N/I:P/A:N)
Name of the Vulnerable Software and Affected Versions
Media Downloader Plugin version 0.1.992
Description
A vulnerability was found in the Media Downloader Plugin, affecting the dl_file_resumable function of the getfile.php file. The manipulation of the file argument leads to cross-site scripting. The attack can be initiated remotely.
Recommendations
For Media Downloader Plugin version 0.1.992, upgrade to version 0.1.993 to address this issue. As a temporary workaround, consider disabling the dl_file_resumable function until the patch is applied. Restrict access to the getfile.php file to minimize the risk of exploitation. Avoid using the file argument in the affected API endpoint until the issue is resolved.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Media Downloader Plugin
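
Alongside the upgrade and the access restriction on getfile.php recommended above, it helps to check whether markup has already been sent in the file argument. The following triage script is an added example, not part of the advisory or the plugin's code. The combined access-log format, the URL path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters needed to leave an HTML text or double-quoted attribute context.
MARKUP_RE = re.compile(r'[<>"]')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (bounded) so that %253C is seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_file_args(log_lines):
    """Return (line_number, decoded_value) for getfile.php requests whose
    'file' argument contains HTML metacharacters after decoding."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith("/getfile.php"):
            continue
        # parse_qsl decodes once; fully_decode handles double encoding.
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key == "file" and MARKUP_RE.search(fully_decode(value)):
                hits.append((number, fully_decode(value)))
    return hits


# Constructed sample lines; the plugin path is an assumption, not from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [04/Mar/2023:10:00:01 +0000] "GET /plugins/media-downloader/getfile.php?file=podcast/ep1.mp3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [04/Mar/2023:10:02:17 +0000] "GET /plugins/media-downloader/getfile.php?file=%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 312',
    '203.0.113.9 - - [04/Mar/2023:10:02:40 +0000] "GET /plugins/media-downloader/getfile.php?file=%253Cb%253Ex HTTP/1.1" 200 298',
    '203.0.113.7 - - [04/Mar/2023:10:05:03 +0000] "GET /index.php?file=%3Cb%3E HTTP/1.1" 404 150',
]

if __name__ == "__main__":
    for number, value in suspicious_file_args(SAMPLE_LOG):
        print(f"line {number}: file={value!r}")
```

Hits from this script are leads for review rather than proof of exploitation, since a legitimate file name can contain a quote character.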