Lucene search

[email protected]CVE-2014-125110

HistoryApr 01, 2024 - 12:15 a.m.

CVE-2014-125110

2024-04-0100:15:49

CWE-79

[email protected]

web.nvd.nist.gov

cross site scripting

remote attack

component upgrade

patch identifier

vulnerability identifier

security issue

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/wfu_ajaxactions.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.4.4 is able to address this issue. The identifier of the patch is c846327df030a0a97da036a2f07c769ab9284ddb. It is recommended to upgrade the affected component. The identifier VDB-258781 was assigned to this vulnerability.

Affected configurations

Vulners

Node

wordpressupload_file_pluginMatch2.4.0

wordpressupload_file_pluginMatch2.4.1

wordpressupload_file_pluginMatch2.4.2

wordpressupload_file_pluginMatch2.4.3

VendorProductVersionCPE
wordpressupload_file_plugin2.4.0cpe:2.3:a:wordpress:upload_file_plugin:2.4.0:*:*:*:*:*:*:*
wordpressupload_file_plugin2.4.1cpe:2.3:a:wordpress:upload_file_plugin:2.4.1:*:*:*:*:*:*:*
wordpressupload_file_plugin2.4.2cpe:2.3:a:wordpress:upload_file_plugin:2.4.2:*:*:*:*:*:*:*
wordpressupload_file_plugin2.4.3cpe:2.3:a:wordpress:upload_file_plugin:2.4.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wordpress	upload_file_plugin	2.4.0	cpe:2.3:a:wordpress:upload_file_plugin:2.4.0:::::::*
wordpress	upload_file_plugin	2.4.1	cpe:2.3:a:wordpress:upload_file_plugin:2.4.1:::::::*
wordpress	upload_file_plugin	2.4.2	cpe:2.3:a:wordpress:upload_file_plugin:2.4.2:::::::*
wordpress	upload_file_plugin	2.4.3	cpe:2.3:a:wordpress:upload_file_plugin:2.4.3:::::::*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "wp-file-upload Plugin",
    "versions": [
      {
        "version": "2.4.0",
        "status": "affected"
      },
      {
        "version": "2.4.1",
        "status": "affected"
      },
      {
        "version": "2.4.2",
        "status": "affected"
      },
      {
        "version": "2.4.3",
        "status": "affected"
      }
    ]
  }
]

References

github.com/wp-plugins/wp-file-upload/commit/c846327df030a0a97da036a2f07c769ab9284ddb

github.com/wp-plugins/wp-file-upload/releases/tag/2.4.4

vuldb.com/?ctiid.258781

vuldb.com/?id.258781

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for CVE-2014-125110

nvd1 cvelist1