CVE-2023-6485
The CVE-2023-6485 entry concerns the Html5 Video Player WordPress plugin, affected in versions before 2.5.19. Root cause: the plugin does not sufficiently sanitize/escape some player settings and lacks proper capability checks. This enables Stored Cross-Site Scripting by authenticated users (e.g....