184 matches found
CVE-2025-8559 All in One Music Player <= 1.3.1 - Authenticated (Contributor+) Path Traversal via theme Parameter
The All in One Music Player plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.1 via the 'theme' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which c...
PT-2025-39939
Name of the Vulnerable Software and Affected Versions All in One Music Player plugin for WordPress versions prior to 1.3.2 Description The All in One Music Player plugin for WordPress is susceptible to a Path Traversal issue through the theme parameter. This allows authenticated attackers with...
Malicious code in dragand-player-plugin (npm)
The package dragand-player-plugin was found to contain malicious code...
MAL-2025-18736 Malicious code in dragand-player-plugin (npm)
The package dragand-player-plugin was found to contain malicious code...
CVE-2025-5340
CVE-2025-5340 : The Music Player for Elementor plugin for WordPress is affected by a stored cross-site scripting (XSS) vulnerability via the album_buy_url parameter in all versions up to and including 2.4.6. Exploitation requires authenticated access at Contributor level or higher , enabling an a...
CVE-2024-8267
The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the 'wp:radio-player' Gutenberg block in all versions up to, and including, 2.0.78 due to insufficient input...
CVE-2024-11333
The HLS Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hlsplayer' shortcode in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-49178
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mr. Hdwplayer HDW Player Plugin Video Player & Video Gallery allows Reflected XSS.This issue affects HDW Player Plugin Video Player & Video Gallery: from n/a through 5.0...
CVE-2012-10011
A vulnerability was found in HD FLV PLayer Plugin up to 1.7 on WordPress. It has been rated as critical. Affected by this issue is the function hdaddmedia/hdupdatemedia of the file functions.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely...
CVE-2014-5180
SQL injection vulnerability in the videos page in the HDW Player Plugin hdw-player-video-player-video-gallery 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php...
CVE-2025-2579
The Lottie Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2025-32516 WordPress Related Videos for JW Player plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ilGhera Related Videos for JW Player related-videos-for-jw-player allows Reflected XSS.This issue affects Related Videos for JW Player: from n/a through = 1.2.0...
CVE-2025-32516
CVE-2025-32516 is a Reflected XSS vulnerability in the WordPress plugin Related Videos for JW Player (supported up to version 1.2.0 and earlier). The flaw arises from improper neutralization of input during web page generation, enabling an attacker to inject scripts via user-controlled input that...
CVE-2024-10804
The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the...
WordPress plugin MP3 Audio Player 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
CVE-2025-23947 WordPress WP-Player plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in M.J WP-Player wp-player allows Stored XSS.This issue affects WP-Player: from n/a through = 2.6.1...
CVE-2025-23947 WordPress WP-Player plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in M.J WP-Player wp-player allows Stored XSS.This issue affects WP-Player: from n/a through = 2.6.1...
CVE-2025-23947
CVE-2025-23947 : Stored XSS in WP-Player (WordPress plugin). Root cause: improper input neutralization during web page generation. Affected: WP-Player versions from n/a up to 2.6.1. Public details in RH/Red Hat and Wordfence entries confirm the vulnerability; no public fixes/versioned remediation...
WordPress WP-Player plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin WP-Player versions = 2.6.1...
CVE-2024-13156
The CVE-2024-13156 issue affects the HTML5 Video Player – mp4 Video Player Plugin and Block for WordPress. In Connected Red Hat and Wordfence sources, the vulnerability is described as a DOM-Based Stored Cross-Site Scripting via the heading parameter, present in all versions up to 2.5.35. The vul...