4 matches found
CVE-2021-24414
The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode...
CVE-2021-24414
creationtimestamp| type| source ---|---|--- 2021-10-25 18:23:31+00:00| seen| https://t.me/cibsecurity/31143...
CVE-2021-24414 YT Player < 1.4 - Contributor+ Stored Cross-Site Scripting
The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode...
CVE-2021-24414
CVE-2021-24414 affects the WordPress Video Player for YouTube plugin (versions up to 1.3). The vulnerability arises because the plugin does not sanitize or validate shortcode parameters, allowing stored XSS when an attacker with as little as contributor privileges embeds the malicious shortcode o...