4 matches found
CVE-2021-24540
The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...
CVE-2021-24540
creationtimestamp| type| source ---|---|--- 2021-08-16 14:14:33+00:00| seen| https://t.me/cibsecurity/27354...
CVE-2021-24540 Wonder Video Embed < 1.8 - Contributor+ Stored XSS
The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...
CVE-2021-24540
Affected software : Wonder Video Embed WordPress plugin (before v1.8). Issue : The plugin fails to escape parameters of the wonderplugin_video shortcode, enabling Stored XSS. Impact : Allows low-privilege users (Contributor) to inject and execute client-side scripts; CVE comments indicate potenti...