13 matches found
EUVD-2021-11452
Malware in sbrugna...
CVE-2021-24540
The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...
CVE-2024-13743 Wonder Video Embed <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Wonder Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wonderpluginvideo shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-13743 Wonder Video Embed <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Wonder Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wonderpluginvideo shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Wonder Video Embed plugin <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Wonder Video Embed versions = 2.2...
WordPress plugin Wonder Video Embed 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-66921)
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress plugin Wonder Video Embed has a cross-si...
CVE-2021-24540
The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...
Cross site scripting
The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...
CVE-2021-24540 Wonder Video Embed < 1.8 - Contributor+ Stored XSS
The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress plugin Wonder Video Embed has a cross-si...
Wonder Video Embed < 1.8 - Contributor+ Stored XSS
The plugin does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks. wonderpluginvideo iframe='youtube.com?v=dQw4w9WgXcQ" onload="alert1' videocss='animation-name:twentytwentyone-close-button-transition"...
Wonder Video Embed < 1.8 - Contributor+ Stored XSS
The plugin does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks. PoC wonderpluginvideo iframe='youtube.com?v=dQw4w9WgXcQ" onload="alert1'...