36 matches found
PT-2023-14526 · WordPress · Wp Video Lightbox
Name of the Vulnerable Software and Affected Versions: WP Video Lightbox versions prior to 1.9.7 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admin, due to the plugin'...
WordPress plugin WP Video Lightbox 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2022-2189
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2022-2189
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2022-2189
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2022-2189 WP Video Lightbox < 1.9.5 - Reflected Cross-Site Scripting
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
WordPress plugin WP Video Lightbox 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress WP Video Lightbox plugin <= 1.9.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress WP Video Lightbox plugin versions = 1.9.5. Solution Update the WordPress WP Video Lightbox plugin to the latest available version at least 1.9.6...
WordPress WP Video Lightbox plugin <= 1.9.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by ZhongFu Su aka JrXnm WuHan University in WordPress WP Video Lightbox plugin versions = 1.9.4. Solution Update the WordPress WP Video Lightbox plugin to the latest available version at least 1.9.5...
CVE-2021-24665
The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-24665
The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks...
Cross site scripting
The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-24665
The CVE-2021-24665 entry affects the WP Video Lightbox WordPress plugin (versions before 1.9.3). The root cause is failure to escape shortcode attribute values, allowing stored Cross-Site Scripting (XSS) by users with as low as contributor privileges. Reported impact is XSS that could be triggere...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
WP Video Lightbox < 1.9.3 - Contributor+ Stored Cross-Site Scripting
The plugin does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks videolightboxvimeo5 videoid='"onmouseover=alert/XSS/ b="' width="640" height="480" anchor="Click here to open vimeo video" videolightboxvimeo5...
WP Video Lightbox < 1.9.3 - Contributor+ Stored Cross-Site Scripting
The plugin does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks PoC videolightboxvimeo5 videoid='"onmouseover=alert/XSS/ b="' width="640" height="480" anchor="Click here to open vimeo video" videolightboxvimeo5...