CVE-2025-48168

CVE-2025-48168 applies to the WordPress plugin Apollo - Sticky Full Width HTML5 Audio Player. It describes a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. Affected software/version: Apollo - Sticky Full Width HTML5 Audio ...

WordPress Apollo - Sticky Full Width HTML5 Audio Player <= 3.4 - Cross Site Scripting (XSS) Vulnerability

WordPress Apollo - Sticky Full Width HTML5 Audio Player = 3.4 - Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Apollo - Sticky Full Width HTML5 Audio Player versions = 3.4...