CVE-2024-37445

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in bPlugins Html5 Audio Player allows Stored XSS.This issue affects Html5 Audio Player: from n/a through 2.2.23...

CVE-2024-37445 WordPress HTML5 Audio Player plugin <= 2.2.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in bPlugins Html5 Audio Player allows Stored XSS.This issue affects Html5 Audio Player: from n/a through 2.2.23...

CVE-2024-37445

CVE-2024-37445 is a stored XSS vulnerability in the WordPress plugin WordPress HTML5 Audio Player (bPlugins Html5 Audio Player), affected up to version 2.2.23. The issue arises from improper neutralization during web page generation, enabling stored cross-site scripting. The Wordfence/WordPress v...

PT-2024-27559 · Bplugins · Bplugins Html5 Audio Player

Name of the Vulnerable Software and Affected Versions: bPlugins Html5 Audio Player versions 2.2.23 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

WordPress HTML5 Audio Player plugin <= 2.2.23 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Html5 Audio Player versions = 2.2.23...

WordPress plugin HTML5 Audio Player 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-4398

CVE-2024-4398 affects the HTML5 Audio Player – Audio Player Plugin for WordPress. The vulnerability is a Stored Cross‑Site Scripting (XSS) in the plugin’s widgets due to insufficient input sanitization and output escaping for user-supplied attributes, viable when an attacker has Contributor or hi...

WordPress Html5 Audio Player Plugin <= 2.2.19 is vulnerable to Cross Site Scripting (XSS)

Software Html5 Audio Player Type Plugin Vulnerable versions = 2.2.19 Fixed in 2.2.22 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4398 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1188ade0c4c5 Credits stealthcopter...

CVE-2024-25098

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS.This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through 2.6...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS.This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through 2.6...

CVE-2024-25098

PB oEmbed HTML5 Audio – with Cache Support (WordPress plugin by Pascal Bajorat) is affected by a stored Cross-Site Scripting (XSS) vulnerability due to improper input neutralization during web page generation. The issue affects versions n/a through 2.6. Exploitation details and patch status vary ...

WordPress Plugin PB oEmbed HTML5 Audio Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin PB oEmbed HTML5 Audio A...

PT-2024-20746 · Pascal Bajorat · Pascal Bajorat Pb Oembed Html5 Audio – With Cache Support

Name of the Vulnerable Software and Affected Versions: Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support versions n/a through 2.6 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means...

WordPress PB oEmbed HTML5 Audio Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS)

Software PB oEmbed HTML5 Audio Type Plugin Vulnerable versions = 2.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-25098 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fd60f7f1dbad Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress Quick Audio Player – Best HTML5 Audio Player Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Quick Audio Player – Best HTML5 Audio Player Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1caa9fec69d5 Credits Rafie...

CVE-2023-0170

The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0170

The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

Cross site scripting

The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0170 Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS

The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0170

The CVE-2023-0170 entry documents an XSS vulnerability in the WordPress Html5 Audio Player plugin prior to version 2.1.12. The issue arises because the plugin does not validate and escape certain shortcode attributes before embedding them in pages/posts, enabling users with the Contributor role o...