Lucene search
WPScanCVE-2024-2428HistoryApr 10, 2024 - 5:15 a.m.
CVE-2024-2428
2024-04-1005:15:49
WPScan
web.nvd.nist.gov
53
organization individual details nvd
The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks
Affected configurations
Node
video_player_for_youtube_projectvideo_player_for_youtubeRange<2.2.3wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| video_player_for_youtube_project | video_player_for_youtube | * | cpe:2.3:a:video_player_for_youtube_project:video_player_for_youtube:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "The Ultimate Video Player For WordPress ",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "2.2.3"
}
],
"defaultStatus": "unaffected"
}
]Related
nvd
nvd
CVE-2024-2428
2024-04-10 05:15:49
wpexploit
wpexploit
The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS
2024-03-20 00:00:00
wpvulndb
wpvulndb
The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS
2024-03-20 00:00:00
cvelist
cvelist
vulnrichment
vulnrichment
wordfence
wordfence