Cross-site Scripting Vulnerability in Hot Files Plugin for WordPress
CVE-2014-4588

Currently unrated

Key Information:

Vendor: Wordpress
Status: File Sharing And Download Manager Project
Vendor: CVE Published:; 2 July 2014

Summary

The Hot Files: File Sharing and Download Manager plugin for WordPress contains a cross-site scripting vulnerability in the tpls/editmedia.php file. This flaw allows remote attackers to inject arbitrary web scripts or HTML code via the mediaid parameter, potentially compromising the security of the affected WordPress site.

References

http://codevigilant.com/disclosure/wp-plugin-wphotfiles-a...

x_refsource_MISC

Timeline

Vulnerability published
Jul 2, 2014
Vulnerability Reserved
Jun 23, 2014