CVE-2014-2040
Summary
| CVE | CVE-2014-2040 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-03-03 18:55:03 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated users with permissions to add media or edit media to inject arbitrary web script or HTML via unspecified parameters, as demonstrated by the title of an uploaded file. |
Risk And Classification
Primary CVSS: v2.0 2.1 from [email protected]
AV:N/AC:H/Au:S/C:N/I:P/A:N
EPSS: 0.001510000 probability, percentile 0.351770000 (date 2026-05-05)
Problem Types: CWE-79 | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
HighAuthentication
SingleConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:H/Au:S/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Jordy Meow | Media File Renamer | 1.7.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 404 Not Found | af854a3a-2127-422b-91ae-364da2661108 | www.vapid.dhs.org | Exploit |
| WordPress Media File Renamer Plugin Multiple HTML Injection Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.