WordPress WP Video Lightbox plugin <= 1.9.11 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin WP Video Lightbox versions = 1.9.11...

EUVD-2022-51809

Malicious code in bioql PyPI...

CVE-2023-24004

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin = 2.1.5 versions...

CVE-2022-2189

The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2021-24665

The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks...

CVE-2024-4324

The WP Video Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVE-2024-4324 WP Video Lightbox <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter

The WP Video Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

WordPress WP Video Lightbox plugin <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via width Parameter vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Video Lightbox versions = 1.9.10...

WordPress WP Video Lightbox Plugin <= 1.9.10 is vulnerable to Cross Site Scripting (XSS)

Software WP Video Lightbox Type Plugin Vulnerable versions = 1.9.10 Fixed in 1.9.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4324 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8f68c54849bf Credits Krzysztof Zając...

WordPress plugin WP Video Lightbox 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-30403 · WordPress · Wp Video Lightbox

Name of the Vulnerable Software and Affected Versions: WP Video Lightbox plugin for WordPress versions up to, and including, 1.9.10 Description: The issue is related to Stored Cross-Site Scripting via the width parameter due to insufficient input sanitization and output escaping. This allows...

CVE-2023-24004

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin = 2.1.5 versions...

CVE-2023-24004 WordPress Image and Video Lightbox, Image PopUp Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin = 2.1.5 versions...

CVE-2023-24004

The CVE-2023-24004 entry concerns a Stored XSS in the WordPress plugin WPdevart Image and Video Lightbox, Image PopUp, affecting versions

WordPress Plugin Image and Video Lightbox, Image PopUp 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVE-2022-4465

The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

Cross site scripting

The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVE-2022-4465

The vulnerability CVE-2022-4465 affects the WP Video Lightbox WordPress plugin, specifically versions prior to 1.9.7. The issue arises because the plugin does not validate and escape certain shortcode attributes before output, enabling Stored XSS attacks. This could allow users with a low-privile...

CVE-2022-4465 WP Video Lightbox < 1.9.7 - Contributor+ Stored XSS

The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

WordPress plugin WP Video Lightbox 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...