5 matches found
CVE-2024-3937
creationtimestamp| type| source ---|---|--- 2025-03-14 01:48:30+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/7516...
CVE-2024-3937
The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-3937 Playlist for Youtube <= 1.32 - Editor+ Stored XSS
The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-3937
The CVE-2024-3937 entry concerns the Playlist for Youtube WordPress plugin (versions = 1.40. The base CVSS in the initial document is MEDIUM (4.8). No exploitation status is stated in the provided materials; remediation guidance is to update to a patched version and follow vendor advisories.
CVE-2024-3937 Playlist for Youtube <= 1.32 - Editor+ Stored XSS
The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...