CVE-2024-5169

The Video Widget WordPress plugin through 1.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress Video Widget plugin <= 1.2.3 - Admin+ Stored XSS via Widget vulnerability

Admin+ Stored XSS via Widget vulnerability discovered by Bob Matyas in WordPress Plugin Video Widget versions = 1.2.3...

CVE-2024-5169

The Video Widget WordPress plugin through 1.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress Video Reviews / Video Widget Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Video Reviews / Video Widget Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7dac09181d24 Credits Rafie Muhammad...