2 matches found
CVE-2014-2040
Multiple cross-site scripting XSS vulnerabilities in the 1 callbackmulticheck, 2 callbackradio, and 3 callbackwysiwygin functions in mfrhclass.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated users with permissions to add media or edit media to inje...
WordPress Media File Renamer 1.7.0 Cross Site Scripting
Title: Persistent XSS in Media File Renamer V1.7.0 wordpress plugin Date: 1/31/2014 Author: Larry W. Cashdollar, @larry0 Vendor: Notified 2/4/2014 CVE: 2014-2040 Download: http://www.meow.fr/media-file-renamer/ Vulnerability: The following functions do not sanitize input before being echoed out: ...