Lucene search
K

31 matches found

RedhatCVE
RedhatCVE
added 2026/02/19 1:29 p.m.4 views

CVE-2025-13727

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

4.4CVSS5.7AI score0.00274EPSS
Exploits0References1
NVD
NVD
added 2026/02/18 10:16 a.m.5 views

CVE-2025-13727

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

4.4CVSS0.00274EPSS
Exploits0References6
CVE
CVE
added 2026/02/18 9:25 a.m.14 views

CVE-2025-13727

CVE-2025-13727 affects Video Share VOD – Turnkey Video Site Builder Script (WordPress) up to version 2.7.11. It is a Stored XSS via plugin settings exploitable by authenticated editors or higher, with impact on multi-site installs and when unfiltered_html is disabled. Wordfence and related source...

4.4CVSS5.7AI score0.00274EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/18 9:25 a.m.3 views

CVE-2025-13727

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

4.4CVSS5.7AI score0.00274EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/02/18 9:25 a.m.5 views

CVE-2025-13727 Video Share VOD <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

4.4CVSS5.7AI score0.00274EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/18 9:25 a.m.32 views

CVE-2025-13727 Video Share VOD <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

4.4CVSS0.00274EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/02/18 12:39 a.m.10 views

WordPress Video Share VOD plugin <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via Custom Field Meta Values vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Video Share VOD versions = 2.7.11...

4.4CVSS5.5AI score0.00274EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.9 views

WordPress plugin Video Share VOD – Turnkey Video Site Builder Script 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.4CVSS5.8AI score0.00274EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.7 views

PT-2026-20376

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

4.4CVSS5.7AI score0.00274EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-50867

Malicious code in bioql PyPI...

6.4CVSS8.7AI score0.0027EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-28783

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.00234EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-8162

Malicious code in bioql PyPI...

7.1CVSS9.2AI score0.00352EPSS
Exploits0References2
NVD
NVD
added 2025/08/28 3:15 a.m.3 views

CVE-2025-7812

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.6. This is due to missing or incorrect nonce validation on the adminExport function. This makes it possible for unauthenticated...

8.8CVSS0.00234EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/28 1:46 a.m.9 views

CVE-2025-7812 Video Share VOD – Turnkey Video Site Builder Script <= 2.7.6 - Cross-Site Request Forgery to Command Injection

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.6. This is due to missing or incorrect nonce validation on the adminExport function. This makes it possible for unauthenticated...

8.8CVSS0.00234EPSS
Exploits0References4
CVE
CVE
added 2025/08/28 1:46 a.m.21 views

CVE-2025-7812

CVE-2025-7812 affects the WordPress plugin Video Share VOD – Turnkey Video Site Builder Script (versions through 2.7.6). The root cause is missing or incorrect nonce validation on adminExport(), enabling Cross-Site Request Forgery that can lead to remote code execution when the Server command exe...

8.8CVSS7.1AI score0.00234EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/08/27 11:26 p.m.7 views

WordPress Video Share VOD – Turnkey Video Site Builder Script plugin <= 2.7.6 - Cross-Site Request Forgery to Command Injection vulnerability

Cross-Site Request Forgery to Command Injection vulnerability discovered by Gai Tanaka in WordPress Plugin Video Share VOD versions = 2.7.6...

8.8CVSS7.1AI score0.00234EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/28 5:40 p.m.6 views

CVE-2025-26583

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in videowhisper Video Share VOD video-share-vod allows Reflected XSS.This issue affects Video Share VOD: from n/a through = 2.7.9...

7.1CVSS7.2AI score0.00352EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 3:16 p.m.4 views

CVE-2025-26583

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in videowhisper Video Share VOD video-share-vod allows Reflected XSS.This issue affects Video Share VOD: from n/a through = 2.7.9...

7.1CVSS0.00352EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/26 2:24 p.m.16 views

CVE-2025-26583 WordPress Video Share VOD plugin <= 2.7.9 - Reflected Cross-Site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in videowhisper Video Share VOD video-share-vod allows Reflected XSS.This issue affects Video Share VOD: from n/a through = 2.7.9...

7.1CVSS0.00352EPSS
Exploits0References1
CVE
CVE
added 2025/03/26 2:24 p.m.62 views

CVE-2025-26583

CVE-2025-26583 is a Reflected XSS in the WordPress Video Share VOD plugin. The vulnerability arises from improper input neutralization during web page generation, affecting Video Share VOD versions from n/a up to and including 2.7.9. The connected documents confirm the issue and its CVSS-derived ...

7.1CVSS7.2AI score0.00352EPSS
Exploits0References1
Rows per page
Query Builder