EPSS
Percentile
40.0%
Because of these vulnerabilities, authenticated users with permissions to add media or edit media can inject arbitrary web script or HTML via unspecified parameters, as demonstrated by the title of an uploaded file.
Update the plugin.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2040