6 matches found
CVE-2024-13865
The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...
CVE-2024-13865
The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...
CVE-2024-13865 drm-protected-video-streaming <= 4.2.1 - Reflected XSS
The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...
PT-2025-21467 · WordPress · S3Player
Name of the Vulnerable Software and Affected Versions: S3Player WordPress plugin versions 4.2.1 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page...
CVE-2025-22818
CVE-2025-22818 is a Stored Cross-Site Scripting (XSS) vulnerability in the S3Player – WooCommerce & Elementor Integration. The issue is described as an improper neutralization of input during web page generation (XSS). It affects the S3Player – WooCommerce & Elementor Integration: from n/a throug...
CVE-2025-22818 WordPress S3Player plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in S3Bubble S3Player – WooCommerce & Elementor Integration drm-protected-video-streaming allows Stored XSS.This issue affects S3Player – WooCommerce & Elementor Integration: from n/a through = 4.2.1...