23 matches found
EUVD-2025-2852
Malicious code in bioql PyPI...
EUVD-2025-12043
Malicious code in bioql PyPI...
CVE-2025-22577
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Damion Armentrout Able Player wp-able-player allows DOM-Based XSS.This issue affects Able Player: from n/a through = 1.0...
CVE-2025-3752
The Able Player, accessible HTML5 media player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘preload’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-46475
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joe Dolson Able Player ableplayer allows DOM-Based XSS.This issue affects Able Player: from n/a through = 1.2.1...
CVE-2025-3752
The Able Player, accessible HTML5 media player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘preload’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-3752 Able Player, accessible HTML5 media player <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via preload Parameter
The Able Player, accessible HTML5 media player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘preload’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-3752 Able Player, accessible HTML5 media player <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via preload Parameter
The Able Player, accessible HTML5 media player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘preload’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-3752
CVE-2025-3752 involves the Able Player WordPress plugin with a Stored Cross-Site Scripting vulnerability via the preload parameter in versions up to 1.2.1. Exploitation requires authenticated access at Contributor level or higher, enabling injection of scripts that execute when a user loads the a...
WordPress plugin Able Player 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Able Playe...
PT-2025-17877 · Unknown · Able Player
Name of the Vulnerable Software and Affected Versions: Able Player versions up to, and including, 1.2.1 Description: The issue is related to Stored Cross-Site Scripting via the preload parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with...
WordPress Able Player plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by johska in WordPress Plugin Able Player versions = 1.2.1...
CVE-2025-46475
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joe Dolson Able Player ableplayer allows DOM-Based XSS.This issue affects Able Player: from n/a through = 1.2.1...
CVE-2025-46475 WordPress Able Player plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joe Dolson Able Player ableplayer allows DOM-Based XSS.This issue affects Able Player: from n/a through = 1.2.1...
CVE-2025-46475 WordPress Able Player plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joe Dolson Able Player ableplayer allows DOM-Based XSS.This issue affects Able Player: from n/a through = 1.2.1...
CVE-2025-46475
CVE-2025-46475 affects Able Player (WordPress plugin) versions <= 1.2.1. The issue is a DOM-based XSS caused by improper neutralization of input during web page generation. Patchstack and related sources indicate the vulnerability has been patched for Able Player
PT-2025-17789 · Unknown · Able Player
Name of the Vulnerable Software and Affected Versions: Able Player versions n/a through 1.2.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS attacks. This can lead to the execution of malicious scripts within the...
WordPress plugin Able Player 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-22577
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Damion Armentrout Able Player wp-able-player allows DOM-Based XSS.This issue affects Able Player: from n/a through = 1.0...
CVE-2025-22577 WordPress Able Player plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Damion Armentrout Able Player wp-able-player allows DOM-Based XSS.This issue affects Able Player: from n/a through = 1.0...