93 matches found
PT-2025-25478 · WordPress · Kk Youtube Video
Name of the Vulnerable Software and Affected Versions: kk Youtube Video plugin for WordPress versions up to, and including, 0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'kkytv' shortcode due to insufficient input sanitization and output escaping on...
CVE-2024-5457
The Panda Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2023-0418
The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-27343 WordPress WooCommerce HTML5 Video Plugin <= 1.7.10 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Webilop WooCommerce HTML5 Video woocommerce-html5-video allows Reflected XSS.This issue affects WooCommerce HTML5 Video: from n/a through = 1.7.10...
CVE-2025-32534
CVE-2025-32534 is a Reflected XSS in the Workbox Video from Vimeo & YouTube WordPress plugin (affected: 1) Workbox Video from Vimeo & Youtube Plugin, 2) versions up to 3.2.2). The CVE entry includes a CVSS v3.1 base score of 7.1 (HIGH) with Network attack vector, No privileges, user interaction r...
WordPress Pipe Audio Video and Screen Recorder 1.0.6 Bypass / LFI / SSRF
WordPress Pipe Audio Video and Screen Recorder plugin version 1.0.6 suffers from webhook signature bypass, denial of service, local file inclusion, and server-side request forgery vulnerabilities. Exploit Title: WordPress Pipe Audio Video and Screen Recorder 1.0.6 - Multiple Vulnerabilities Date:...
WordPress WooCommerce HTML5 Video Plugin <= 1.7.10 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WooCommerce HTML5 Video versions = 1.7.10...
CVE-2024-13576
The Gumlet Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gumlet' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13576
The Gumlet Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gumlet' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13576 Gumlet Video <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Gumlet Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gumlet' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13576
CVE-2024-13576 affects the Gumlet Video WordPress plugin. The vulnerability is Stored XSS via the gumlet shortcode in all versions up to and including 1.0.3, caused by insufficient input sanitization/out escaping on user-supplied attributes. Exploitation requires authenticated access at contribut...
CVE-2024-5456
The Panda Video plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.0 via the 'selectedbutton' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...
CVE-2024-12504 Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisperhls' shortcode in all versions up to, and including, 6.1.9 due to insufficient input sanitization and output escaping on user...
WordPress VideoWhisper Live Streaming Integration plugin <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by yudha in WordPress Plugin Broadcast Live Video versions = 6.1.9...
WordPress HTML5 Video Player – mp4 Video Player Plugin and Block plugin <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter vulnerability
Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via heading Parameter vulnerability discovered by Webbernaut in WordPress Plugin Flash & HTML5 Video versions = 2.5.35...
CVE-2024-12214
CVE-2024-12214 affects the WooCommerce HSS Extension for Streaming Video (WordPress). The vulnerability is a reflected Cross-Site Scripting (Reflected XSS) via the videolink parameter in all versions up to and including 3.31, caused by insufficient input sanitization and output escaping. Exploita...
PT-2024-16929 · WordPress · The Ultimate Youtube Video & Shorts Player With Vimeo
Name of the Vulnerable Software and Affected Versions: The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress versions up to, and including, 3.3 Description: The issue is related to a missing capability check on the del ytsingvid function, allowing authenticated attackers with...
WordPress plugin WP Responsive Video 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-49231 WordPress WordPress Video plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cyclop WordPress Video wordpress-video allows Stored XSS.This issue affects WordPress Video: from n/a through = 1.0...
CVE-2024-49231 WordPress WordPress Video plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Peter CyClop WordPress Video allows Stored XSS.This issue affects WordPress Video: from n/a through 1.0...