Lucene search
K

95 matches found

CNVD
CNVD
added 2021/08/18 12:0 a.m.12 views

WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-66921)

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress plugin Wonder Video Embed has a cross-si...

5.4CVSS1.3AI score0.00624EPSS
Exploits2References1
OSV
OSV
added 2021/08/16 11:15 a.m.4 views

CVE-2021-24540

The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...

5.4CVSS5.8AI score0.00624EPSS
Exploits2References1
Prion
Prion
added 2021/08/16 11:15 a.m.15 views

Cross site scripting

The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...

3.5CVSS5.2AI score0.00624EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/08/16 10:48 a.m.20 views

CVE-2021-24540 Wonder Video Embed < 1.8 - Contributor+ Stored XSS

The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...

5.5AI score0.00624EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/08/16 12:0 a.m.3 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress plugin Wonder Video Embed has a cross-si...

5.4CVSS5.5AI score0.00624EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.519 views

WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code

The plugin does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfilteredhtml capability is disallowed, which could lead to Stored Cross-Site Scripting issues 1. On the dashboard, navigate to WP Courses Courses Add New Video...

4.8CVSS0.7AI score0.00617EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/08/16 12:0 a.m.16 views

WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code

The plugin does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfilteredhtml capability is disallowed, which could lead to Stored Cross-Site Scripting issues PoC 1. On the dashboard, navigate to WP Courses Courses Add New...

4.8CVSS1.5AI score0.00617EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/19 12:0 a.m.21 views

Wonder Video Embed < 1.8 - Contributor+ Stored XSS

The plugin does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks. PoC wonderpluginvideo iframe='youtube.com?v=dQw4w9WgXcQ" onload="alert1'...

3.5CVSS2.9AI score0.00624EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/07/19 12:0 a.m.692 views

Wonder Video Embed < 1.8 - Contributor+ Stored XSS

The plugin does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks. wonderpluginvideo iframe='youtube.com?v=dQw4w9WgXcQ" onload="alert1' videocss='animation-name:twentytwentyone-close-button-transition"...

3.5CVSS2.1AI score0.00624EPSS
Exploits2
CNVD
CNVD
added 2021/06/09 12:0 a.m.14 views

WordPress Video Embed plugin SQL Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an application plugin for WordPress. A SQL injection vulnerability exists in WordPress Vide...

8.8CVSS9AI score0.01568EPSS
Exploits2References1
NVD
NVD
added 2021/06/07 11:15 a.m.23 views

CVE-2021-24337

The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page available via forced browsing is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection...

8.8CVSS0.01568EPSS
Exploits2References2
OSV
OSV
added 2021/06/07 11:15 a.m.2 views

CVE-2021-24337

The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page available via forced browsing is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection...

8.8CVSS7.3AI score0.01568EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/06/07 12:0 a.m.3 views

WordPress 插件 SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an application plugin for WordPress. A SQL injection vulnerability exists in WordPress Vide...

8.8CVSS6.1AI score0.01568EPSS
Exploits2References2
Patchstack
Patchstack
added 2021/05/19 12:0 a.m.14 views

WordPress Video Embed plugin <= 1.0 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali Code Vigilant Project in WordPress Video Embed plugin versions = 1.0. Solution This plugin has been closed as of April 19, 2021 and is not available for download. This closure is temporary, pending a full review...

8.8CVSS3.3AI score0.01568EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/19 12:0 a.m.16 views

Video Embed <= 1.0 - Authenticated (subscriber+) SQL Injection

The id GET parameter of one of the plugin's page available via forced browsing is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection. PoC Note: The URL /wp-admin/admin.php?page=edit-video-embed=1 is...

8.8CVSS0.4AI score0.01568EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2020/04/22 4:15 p.m.23 views

CVE-2020-7642

lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...

5.4CVSS5.5AI score0.00889EPSS
Exploits1References2
OSV
OSV
added 2020/04/22 4:15 p.m.16 views

CVE-2020-7642

lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...

5.4CVSS6.8AI score
Exploits0References2
Prion
Prion
added 2020/04/22 4:15 p.m.17 views

Design/Logic Flaw

lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...

3.5CVSS5.5AI score0.00889EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2020/04/22 3:13 p.m.49 views

CVE-2020-7642

CVE-2020-7642 affects lazysizes up to version 5.2.0, where the video-embed plugin fails to sanitize attributes data-vimeo, data-vimeoparams, data-youtube, and data-ytparams, enabling injection of malicious JavaScript. The vulnerability is tied to how untrusted payloads can be executed through the...

5.4CVSS5.5AI score0.00889EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/04/22 3:13 p.m.27 views

CVE-2020-7642

lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...

5.5AI score0.00889EPSS
Exploits1References2
Rows per page
Query Builder