Lucene search
WPScanCVELIST:CVE-2024-2428HistoryApr 10, 2024 - 5:00 a.m.
CVE-2024-2428 The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS
2024-04-1005:00:02
WPScan
www.cve.org
5
cve-2024-2428
ultimate video player
wordpress plugin
capability check
rest route
contributor users
stored xss
The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks
CNA Affected
[
{
"vendor": "Unknown",
"product": "The Ultimate Video Player For WordPress ",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "2.2.3"
}
],
"defaultStatus": "unaffected"
}
]Related
wpexploit
wpexploit
The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS
2024-03-20 00:00:00
nvd
nvd
CVE-2024-2428
2024-04-10 05:15:49
wpvulndb
wpvulndb
The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS
2024-03-20 00:00:00
vulnrichment
vulnrichment
cve
cve
CVE-2024-2428
2024-04-10 05:15:49
wordfence
wordfence