Lucene search
K

184 matches found

Vulnrichment
Vulnrichment
added 2025/09/30 3:35 a.m.2 views

CVE-2025-8559 All in One Music Player <= 1.3.1 - Authenticated (Contributor+) Path Traversal via theme Parameter

The All in One Music Player plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.1 via the 'theme' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which c...

6.5CVSS5.4AI score0.00379EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.3 views

PT-2025-39939

Name of the Vulnerable Software and Affected Versions All in One Music Player plugin for WordPress versions prior to 1.3.2 Description The All in One Music Player plugin for WordPress is susceptible to a Path Traversal issue through the theme parameter. This allows authenticated attackers with...

6.5CVSS6.1AI score0.00379EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in dragand-player-plugin (npm)

The package dragand-player-plugin was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-18736 Malicious code in dragand-player-plugin (npm)

The package dragand-player-plugin was found to contain malicious code...

7.2AI score
Exploits0
CVE
CVE
added 2025/06/03 11:22 a.m.54 views

CVE-2025-5340

CVE-2025-5340 : The Music Player for Elementor plugin for WordPress is affected by a stored cross-site scripting (XSS) vulnerability via the album_buy_url parameter in all versions up to and including 2.4.6. Exploitation requires authenticated access at Contributor level or higher , enabling an a...

6.4CVSS5.7AI score0.00238EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 7:20 a.m.6 views

CVE-2024-8267

The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the 'wp:radio-player' Gutenberg block in all versions up to, and including, 2.0.78 due to insufficient input...

6.4CVSS5.7AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:45 a.m.8 views

CVE-2024-11333

The HLS Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hlsplayer' shortcode in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:5 a.m.7 views

CVE-2023-49178

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mr. Hdwplayer HDW Player Plugin Video Player & Video Gallery allows Reflected XSS.This issue affects HDW Player Plugin Video Player & Video Gallery: from n/a through 5.0...

7.1CVSS7.1AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:14 p.m.8 views

CVE-2012-10011

A vulnerability was found in HD FLV PLayer Plugin up to 1.7 on WordPress. It has been rated as critical. Affected by this issue is the function hdaddmedia/hdupdatemedia of the file functions.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely...

9.8CVSS7.5AI score0.00707EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:15 a.m.7 views

CVE-2014-5180

SQL injection vulnerability in the videos page in the HDW Player Plugin hdw-player-video-player-video-gallery 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php...

6.5CVSS8.3AI score0.0237EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/26 9:7 a.m.21 views

CVE-2025-2579

The Lottie Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

6.4CVSS5.9AI score0.00255EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/17 3:47 p.m.13 views

CVE-2025-32516 WordPress Related Videos for JW Player plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ilGhera Related Videos for JW Player related-videos-for-jw-player allows Reflected XSS.This issue affects Related Videos for JW Player: from n/a through = 1.2.0...

7.1CVSS0.00235EPSS
Exploits0References1
CVE
CVE
added 2025/04/17 3:47 p.m.48 views

CVE-2025-32516

CVE-2025-32516 is a Reflected XSS vulnerability in the WordPress plugin Related Videos for JW Player (supported up to version 1.2.0 and earlier). The flaw arises from improper neutralization of input during web page generation, enabling an attacker to inject scripts via user-controlled input that...

7.1CVSS7.2AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/09 8:34 a.m.8 views

CVE-2024-10804

The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the...

7.5CVSS6.7AI score0.00811EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/31 12:0 a.m.3 views

WordPress plugin MP3 Audio Player 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

6.4CVSS8.1AI score0.0041EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/01/16 8:8 p.m.8 views

CVE-2025-23947 WordPress WP-Player plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in M.J WP-Player wp-player allows Stored XSS.This issue affects WP-Player: from n/a through = 2.6.1...

6.5CVSS7.2AI score0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/16 8:8 p.m.21 views

CVE-2025-23947 WordPress WP-Player plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in M.J WP-Player wp-player allows Stored XSS.This issue affects WP-Player: from n/a through = 2.6.1...

6.5CVSS0.0022EPSS
Exploits0References1
CVE
CVE
added 2025/01/16 8:8 p.m.57 views

CVE-2025-23947

CVE-2025-23947 : Stored XSS in WP-Player (WordPress plugin). Root cause: improper input neutralization during web page generation. Affected: WP-Player versions from n/a up to 2.6.1. Public details in RH/Red Hat and Wordfence entries confirm the vulnerability; no public fixes/versioned remediation...

6.5CVSS7.2AI score0.0022EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/16 6:43 p.m.5 views

WordPress WP-Player plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin WP-Player versions = 2.6.1...

6.5CVSS6.1AI score0.0022EPSS
Exploits0Affected Software1
CVE
CVE
added 2025/01/14 8:23 a.m.43 views

CVE-2024-13156

The CVE-2024-13156 issue affects the HTML5 Video Player – mp4 Video Player Plugin and Block for WordPress. In Connected Red Hat and Wordfence sources, the vulnerability is described as a DOM-Based Stored Cross-Site Scripting via the heading parameter, present in all versions up to 2.5.35. The vul...

6.4CVSS5.7AI score0.0034EPSS
Exploits0References4
Rows per page
Query Builder