4 matches found
CVE-2025-6258 WP SoundSystem <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsstm-track Shortcode
The WP SoundSystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsstm-track shortcode in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-6258 WP SoundSystem <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsstm-track Shortcode
The WP SoundSystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsstm-track shortcode in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-6258
The CVE-2025-6258 entry describes a Stored Cross-Site Scripting (XSS) in the WP SoundSystem WordPress plugin via the wpsstm-track shortcode. Affected versions go up to 3.4.2; the vulnerability stems from insufficient input sanitization and output escaping on user-supplied shortcode attributes. Ex...
WordPress WP SoundSystem plugin <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsstm-track Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via wpsstm-track Shortcode vulnerability discovered by Gilang in WordPress Plugin WP SoundSystem versions = 3.4.2...