184 matches found
WordPress Radio Player plugin <= 2.0.83 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Malvin Valerian Gultom Patchstack Alliance in WordPress Plugin Radio Player versions = 2.0.83...
WordPress plugin Video Player for WPBakery 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin HLS Player 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin MP3 Audio Player 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2024-8267
The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the 'wp:radio-player' Gutenberg block in all versions up to, and including, 2.0.78 due to insufficient input...
CVE-2024-7727
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vpajaxhandler' ajax action in all versions up to, and including, 2.5.32. This makes it possible fo...
CVE-2024-7727
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vpajaxhandler' ajax action in all versions up to, and including, 2.5.32. This makes it possible fo...
CVE-2023-4027
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatesettings function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update plugin settings...
PT-2024-12877 · WordPress · Radio Player
Name of the Vulnerable Software and Affected Versions: Radio Player plugin for WordPress versions up to, and including, 2.0.73 Description: The issue allows unauthorized modification of data due to a missing capability check on the update settings function. This makes it possible for...
CVE-2024-34753 WordPress Radio Player plugin <= 2.0.73 - Broken Access Control vulnerability
Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73...
WordPress Radio Player plugin <= 2.0.73 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Radio Player versions = 2.0.73...
CVE-2024-32078 WordPress FV Player plugin <= 7.5.44.7212 - Unvalidated Redirects and Forwards vulnerability
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212...
WordPress Radio Player Plugin <= 2.0.73 is vulnerable to Sensitive Data Exposure
Software Radio Player Type Plugin Vulnerable versions = 2.0.73 Fixed in 2.0.74 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32506 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4e6e2407c28d Credits Steven Julian Required...
CVE-2023-49178
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mr. Hdwplayer HDW Player Plugin Video Player & Video Gallery allows Reflected XSS.This issue affects HDW Player Plugin Video Player & Video Gallery: from n/a through 5.0...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mr. Hdwplayer HDW Player Plugin Video Player & Video Gallery allows Reflected XSS.This issue affects HDW Player Plugin Video Player & Video Gallery: from n/a through 5.0...
CVE-2023-49178 WordPress HDW Player Plugin (Video Player & Video Gallery) Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mr. Hdwplayer HDW Player Plugin Video Player & Video Gallery allows Reflected XSS.This issue affects HDW Player Plugin Video Player & Video Gallery: from n/a through 5.0...
CVE-2023-49178
CVE-2023-49178 describes a cross-site scripting (XSS) vulnerability in the WordPress plugin HDW Player Plugin (Video Player & Video Gallery) . The issue is caused by improper neutralization of input during web page generation, enabling a Reflected XSS. Affected software: HDW Player Plugin (Video ...
WordPress Plugin HDW Player Plugin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
HDW Player Plugin (Video Player & Video Gallery) <= 5.0 - Cross-Site Scripting
Description The HDW Player Plugin Video Player & Video Gallery plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress HDW Player Plugin (Video Player & Video Gallery) Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)
Software HDW Player Plugin Video Player & Video Gallery Type Plugin Vulnerable versions = 5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-49178 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 27d63d522c9...