Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2040


Vulnerability Score 2.1 2.1
CVE Id CVE-2014-2040
Last Modified 07 Mar 2014 03:32:07
Published 03 Mar 2014 01:55:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE



Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated users with permissions to add media or edit media to inject arbitrary web script or HTML via unspecified parameters, as demonstrated by the title of an uploaded file.

Vulnerable Systems


  • Jordy Meow Media File Renamer 1.7.0



BID - 65715

BUGTRAQ - 20140226 Persistent XSS in Media File Renamer V1.7.0 wordpress plugin

Last Updated: 27 May 2016 11:04:32