5 matches found
CVE-2025-4955
The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks...
WordPress tarteaucitron.io plugin < 1.9.5 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin tarteaucitron.js – Cookies legislation & GDPR versions 1.9.5...
CVE-2025-4955
creationtimestamp| type| source ---|---|--- 2025-06-18 07:58:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lrujyp4dhw2o...
CVE-2025-4955
The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks...
CVE-2025-4955 tarteaucitron.io < 1.9.5 - Contributor+ Stored XSS
The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks...