Lucene search
K

95 matches found

Vulnrichment
Vulnrichment
added 2025/01/07 2:57 p.m.9 views

CVE-2025-22554 WordPress Video Embed Optimizer plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eric Franklin Video Embed Optimizer allows Stored XSS.This issue affects Video Embed Optimizer: from n/a through 1.0.0...

6.5CVSS7AI score0.00334EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/07 2:57 p.m.20 views

CVE-2025-22554 WordPress Video Embed Optimizer plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fdfranklin06 Video Embed Optimizer video-embed-optimizer allows Stored XSS.This issue affects Video Embed Optimizer: from n/a through = 1.0.0...

6.5CVSS0.00334EPSS
Exploits0References1
CVE
CVE
added 2025/01/07 2:57 p.m.62 views

CVE-2025-22554

CVE-2025-22554 is a Stored XSS vulnerability in Video Embed Optimizer (WordPress plugin) affecting versions up to 1.0.0. The issue arises from improper neutralization of input during web page generation. Exploitation details are not publicly provided in the documents beyond the stored XSS charact...

6.5CVSS7.2AI score0.00334EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/07 12:28 p.m.4 views

WordPress Video Embed Optimizer plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Video Embed Optimizer versions = 1.0.0...

6.5CVSS6.1AI score0.00334EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.4 views

WordPress plugin Video Embed Optimizer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS7.8AI score0.00334EPSS
Exploits0References2
NVD
NVD
added 2024/12/14 5:15 a.m.8 views

CVE-2024-11883

The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnxscriptcode' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.0027EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/14 4:23 a.m.12 views

CVE-2024-11883 Connatix Video Embed <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnxscriptcode' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.0027EPSS
Exploits0References2
CVE
CVE
added 2024/12/14 4:23 a.m.37 views

CVE-2024-11883

CVE-2024-11883 affects the Connatix Video Embed WordPress plugin. The vulnerability is a Stored XSS via the plugin shortcode cnx_script_code in versions up to and including 1.0.5, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires at l...

6.4CVSS5.7AI score0.0027EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/14 4:23 a.m.8 views

CVE-2024-11883 Connatix Video Embed <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnxscriptcode' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.0027EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/14 12:0 a.m.3 views

WordPress plugin Connatix Video Embed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.4CVSS8AI score0.0027EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/12/13 8:59 p.m.3 views

WordPress Connatix Video Embed plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Connatix Video Embed versions = 1.0.5...

6.4CVSS5.7AI score0.0027EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/09/06 2:15 p.m.6 views

CVE-2024-7599

The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sermonvideoembed’ parameter in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00298EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/09/06 12:0 a.m.7 views

WordPress plugin Advanced Sermons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

6.4CVSS6AI score0.00298EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/06/20 6:42 a.m.3 views

WordPress Responsive video embed plugin < 0.5.1 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Felipe Caon in WordPress Plugin Responsive video embed versions 0.5.1...

5.4CVSS6.1AI score0.00367EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2024/06/20 12:0 a.m.4 views

WordPress plugin Responsive video embed security vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Custom Field Suite plugin is a custom field adding plugin used in it.Media Library...

5.4CVSS6.7AI score0.00367EPSS
Exploits2References2
Patchstack
Patchstack
added 2024/06/20 12:0 a.m.15 views

WordPress Responsive video embed Plugin < 0.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Responsive video embed Type Plugin Vulnerable versions 0.5.1 Fixed in 0.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5475 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 325ee9be976d Credits Felipe Caon Require...

5.4CVSS5.7AI score0.00367EPSS
Exploits2References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/20 12:0 a.m.4 views

PT-2024-36413 · WordPress · Responsive Video Embed

Name of the Vulnerable Software and Affected Versions: Responsive video embed WordPress plugin versions prior to 0.5.1 Description: The issue is related to the lack of validation and escaping of some shortcode attributes in the Responsive video embed WordPress plugin. This could allow users with...

5.4CVSS5.7AI score0.00367EPSS
Exploits2References5
WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.14 views

Responsive video embed < 0.5.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC As a contributor, create a...

8.2AI score0.00367EPSS
Exploits2Affected Software1
OSV
OSV
added 2024/04/09 7:15 p.m.3 views

CVE-2024-1571

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe...

4.8CVSS7.4AI score0.00426EPSS
Exploits0References2
NVD
NVD
added 2024/04/09 7:15 p.m.19 views

CVE-2024-1571

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe...

4.8CVSS4.3AI score0.00426EPSS
Exploits0References2
Rows per page
Query Builder