Lucene search
K

93 matches found

Positive Technologies
Positive Technologies
added 2025/06/14 12:0 a.m.10 views

PT-2025-25478 · WordPress · Kk Youtube Video

Name of the Vulnerable Software and Affected Versions: kk Youtube Video plugin for WordPress versions up to, and including, 0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'kkytv' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS5.8AI score0.00186EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 8:30 a.m.13 views

CVE-2024-5457

The Panda Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS5.8AI score0.00352EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.6 views

CVE-2023-0418

The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.2AI score0.00444EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/04/17 3:47 p.m.2 views

CVE-2025-27343 WordPress WooCommerce HTML5 Video Plugin <= 1.7.10 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Webilop WooCommerce HTML5 Video woocommerce-html5-video allows Reflected XSS.This issue affects WooCommerce HTML5 Video: from n/a through = 1.7.10...

7.1CVSS8.6AI score0.00257EPSS
Exploits0References1
CVE
CVE
added 2025/04/11 8:42 a.m.56 views

CVE-2025-32534

CVE-2025-32534 is a Reflected XSS in the Workbox Video from Vimeo & YouTube WordPress plugin (affected: 1) Workbox Video from Vimeo & Youtube Plugin, 2) versions up to 3.2.2). The CVE entry includes a CVSS v3.1 base score of 7.1 (HIGH) with Network attack vector, No privileges, user interaction r...

7.1CVSS7.2AI score0.00374EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/03/31 12:0 a.m.275 views

WordPress Pipe Audio Video and Screen Recorder 1.0.6 Bypass / LFI / SSRF

WordPress Pipe Audio Video and Screen Recorder plugin version 1.0.6 suffers from webhook signature bypass, denial of service, local file inclusion, and server-side request forgery vulnerabilities. Exploit Title: WordPress Pipe Audio Video and Screen Recorder 1.0.6 - Multiple Vulnerabilities Date:...

7.4AI score
Exploits0
Patchstack
Patchstack
added 2025/02/21 12:0 a.m.3 views

WordPress WooCommerce HTML5 Video Plugin <= 1.7.10 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WooCommerce HTML5 Video versions = 1.7.10...

7.1CVSS6.1AI score0.00257EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/20 4:31 a.m.6 views

CVE-2024-13576

The Gumlet Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gumlet' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00272EPSS
Exploits0References1
NVD
NVD
added 2025/02/18 5:15 a.m.15 views

CVE-2024-13576

The Gumlet Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gumlet' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00272EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/18 4:21 a.m.5 views

CVE-2024-13576 Gumlet Video <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Gumlet Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gumlet' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00272EPSS
Exploits0References3
CVE
CVE
added 2025/02/18 4:21 a.m.50 views

CVE-2024-13576

CVE-2024-13576 affects the Gumlet Video WordPress plugin. The vulnerability is Stored XSS via the gumlet shortcode in all versions up to and including 1.0.3, caused by insufficient input sanitization/out escaping on user-supplied attributes. Exploitation requires authenticated access at contribut...

6.4CVSS5.8AI score0.00272EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 6:18 a.m.7 views

CVE-2024-5456

The Panda Video plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.0 via the 'selectedbutton' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...

8.8CVSS7.7AI score0.00866EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/23 11:13 a.m.25 views

CVE-2024-12504 Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisperhls' shortcode in all versions up to, and including, 6.1.9 due to insufficient input sanitization and output escaping on user...

6.4CVSS0.00216EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/01/22 10:36 p.m.5 views

WordPress VideoWhisper Live Streaming Integration plugin <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by yudha in WordPress Plugin Broadcast Live Video versions = 6.1.9...

6.4CVSS5.7AI score0.00216EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/13 9:58 p.m.7 views

WordPress HTML5 Video Player – mp4 Video Player Plugin and Block plugin <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via heading Parameter vulnerability discovered by Webbernaut in WordPress Plugin Flash & HTML5 Video versions = 2.5.35...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/01/07 4:21 a.m.50 views

CVE-2024-12214

CVE-2024-12214 affects the WooCommerce HSS Extension for Streaming Video (WordPress). The vulnerability is a reflected Cross-Site Scripting (Reflected XSS) via the videolink parameter in all versions up to and including 3.31, caused by insufficient input sanitization and output escaping. Exploita...

6.1CVSS6AI score0.00279EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.7 views

PT-2024-16929 · WordPress · The Ultimate Youtube Video & Shorts Player With Vimeo

Name of the Vulnerable Software and Affected Versions: The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress versions up to, and including, 3.3 Description: The issue is related to a missing capability check on the del ytsingvid function, allowing authenticated attackers with...

4.3CVSS9.3AI score0.0054EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.4 views

WordPress plugin WP Responsive Video 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS7.6AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/18 9:52 a.m.23 views

CVE-2024-49231 WordPress WordPress Video plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cyclop WordPress Video wordpress-video allows Stored XSS.This issue affects WordPress Video: from n/a through = 1.0...

6.5CVSS0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/18 9:52 a.m.20 views

CVE-2024-49231 WordPress WordPress Video plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Peter CyClop WordPress Video allows Stored XSS.This issue affects WordPress Video: from n/a through 1.0...

6.5CVSS7AI score0.0025EPSS
Exploits0References1
Rows per page
Query Builder