Lucene search
HistoryJun 26, 2024 - 6:15 a.m.
CVE-2024-5169
video widget wordpress
stored cross-site scripting
high privilege users
unfiltered html
multisite setup
The Video Widget WordPress plugin through 1.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected configurations
Node
sunil_nandablue_wrench_video_widgetRange≤1.2.3wordpress
CNA Affected
[
{
"vendor": "Unknown",
"product": "Video Widget",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.2.3"
}
],
"defaultStatus": "affected"
}
]Related
wpexploit
wpexploit
Video Widget <= 1.2.3 - Admin+ Stored XSS via Widget
2024-06-05 00:00:00
wpvulndb
wpvulndb
Video Widget <= 1.2.3 - Admin+ Stored XSS via Widget
2024-06-05 00:00:00
cvelist
cvelist
CVE-2024-5169 Video Widget <= 1.2.3 - Admin+ Stored XSS via Widget
2024-06-26 06:00:04
nvd
nvd
CVE-2024-5169
2024-06-26 06:15:16