Lucene search

K
nvd[email protected]NVD:CVE-2024-3937
HistoryMay 29, 2024 - 6:18 a.m.

CVE-2024-3937

2024-05-2906:18:32
web.nvd.nist.gov
nvd
cve-2024-3937
wordpress
plugin
xss
stored cross-site scripting
privilege escalation
unfiltered_html
multisite setup

AI Score

7.8

Confidence

High

EPSS

0

Percentile

9.0%

The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

AI Score

7.8

Confidence

High

EPSS

0

Percentile

9.0%