31 matches found
CVE-2025-13727
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
CVE-2025-13727
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
CVE-2025-13727
CVE-2025-13727 affects Video Share VOD – Turnkey Video Site Builder Script (WordPress) up to version 2.7.11. It is a Stored XSS via plugin settings exploitable by authenticated editors or higher, with impact on multi-site installs and when unfiltered_html is disabled. Wordfence and related source...
CVE-2025-13727
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
CVE-2025-13727 Video Share VOD <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
CVE-2025-13727 Video Share VOD <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
WordPress Video Share VOD plugin <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values vulnerability
Authenticated Editor+ Stored Cross-Site Scripting via Custom Field Meta Values vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Video Share VOD versions = 2.7.11...
WordPress plugin Video Share VOD – Turnkey Video Site Builder Script 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-20376
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
EUVD-2024-50867
Malicious code in bioql PyPI...
EUVD-2025-28783
Malicious code in bioql PyPI...
EUVD-2025-8162
Malicious code in bioql PyPI...
CVE-2025-7812
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.6. This is due to missing or incorrect nonce validation on the adminExport function. This makes it possible for unauthenticated...
CVE-2025-7812 Video Share VOD – Turnkey Video Site Builder Script <= 2.7.6 - Cross-Site Request Forgery to Command Injection
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.6. This is due to missing or incorrect nonce validation on the adminExport function. This makes it possible for unauthenticated...
CVE-2025-7812
CVE-2025-7812 affects the WordPress plugin Video Share VOD – Turnkey Video Site Builder Script (versions through 2.7.6). The root cause is missing or incorrect nonce validation on adminExport(), enabling Cross-Site Request Forgery that can lead to remote code execution when the Server command exe...
WordPress Video Share VOD – Turnkey Video Site Builder Script plugin <= 2.7.6 - Cross-Site Request Forgery to Command Injection vulnerability
Cross-Site Request Forgery to Command Injection vulnerability discovered by Gai Tanaka in WordPress Plugin Video Share VOD versions = 2.7.6...
CVE-2025-26583
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in videowhisper Video Share VOD video-share-vod allows Reflected XSS.This issue affects Video Share VOD: from n/a through = 2.7.9...
CVE-2025-26583
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in videowhisper Video Share VOD video-share-vod allows Reflected XSS.This issue affects Video Share VOD: from n/a through = 2.7.9...
CVE-2025-26583 WordPress Video Share VOD plugin <= 2.7.9 - Reflected Cross-Site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in videowhisper Video Share VOD video-share-vod allows Reflected XSS.This issue affects Video Share VOD: from n/a through = 2.7.9...
CVE-2025-26583
CVE-2025-26583 is a Reflected XSS in the WordPress Video Share VOD plugin. The vulnerability arises from improper input neutralization during web page generation, affecting Video Share VOD versions from n/a up to and including 2.7.9. The connected documents confirm the issue and its CVSS-derived ...