WordPress Videos sync PDF <=1.7.4 - Local File Inclusion

WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion. id: CVE-2022-1392 info: name: WordPress Videos sync PDF =1.7.5 or apply the vendor-provided patch to mitigate the vulnerability. reference...

EUVD-2022-55974

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized nom, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...

CVE-2022-50949

The CVE-2022-50949 entry concerns WordPress Plugin Videos sync PDF 1.7.4, which contains a stored cross-site scripting (XSS) vulnerability in unsanitized parameters (nom, pdf, mp4, webm, ogg). Exploitation enables an authenticated attacker with low privileges to inject JavaScript via the plugin o...

CVE-2022-50949

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...

CVE-2022-50949 WordPress Plugin Videos sync PDF 1.7.4 Stored XSS

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...

PT-2026-39478

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized nom, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...

WordPress plugin Videos sync PDF 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2022-1392

The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues...

WordPress plugin Videos sync PDF file contains vulnerabilities

WordPress is a set of blogging platform developed using the PHP language. WordPress plugin Videos sync PDF version 1.7.4 and before there is a file inclusion vulnerability, the vulnerability stems from the plugin in the inclusion statement using the p parameter before failing to validate, an...

CVE-2022-1392

The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues...

CVE-2022-1392

The CVE-2022-1392 entry concerns the WordPress plugin Videos sync PDF, version = 1.7.5 or apply the vendor patch. The connected nuclei/WP exploit references indicate a PoC exists (e.g., WPEX template "Videos sync PDF

CVE-2022-1392 Videos sync PDF <= 1.7.4 - Unauthenticated LFI

The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues...

WordPress plugin Videos sync PDF路径遍历漏洞

WordPress is a set of blogging platform developed using the PHP language. WordPress plugin Videos sync PDF version 1.7.4 and before there is a file inclusion vulnerability, the vulnerability stems from the plugin in the inclusion statement using the p parameter before failing to validate, an...

WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting (XSS)

Exploit Title: WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ Date: 2022-04-13 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: http://www.a-j-evolution.com/ Software Link:...

Videos sync PDF <= 1.7.4 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when editing a video, and does not escape some of its fields, which could allow attackers to make a logged in admin change them and lead to Stored Cross-Site Scripting issues 2, 00:00:10-3, 00:00:15-4, 00:00:20-5" /...

WordPress Videos sync PDF 1.7.4 Plugin - Stored Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: http://www.a-j-evolution.com/ Software Link:...

Videos sync PDF <= 1.7.4 - Unauthenticated LFI

The plugin does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues PoC https://example.com/wp-content/plugins/video-synchro-pdf/reglages/MenuPlugins/tout.php?p=LFI...

WordPress Videos sync PDF plugin <= 1.7.4 - Unauthenticated Local File Inclusion (LFI) vulnerability

Unauthenticated Local File Inclusion LFI vulnerability discovered by Hassan Khan Yusufzai Splint3r7 in WordPress Videos sync PDF plugin versions = 1.7.4. Solution No patched version is available...