CVE-2024-13865 drm-protected-video-streaming <= 4.2.1 - Reflected XSS

The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...

PT-2025-4726 · Unknown · S3Player – Woocommerce & Elementor Integration

Name of the Vulnerable Software and Affected Versions: S3Player – WooCommerce & Elementor Integration versions prior to 4.2.1 Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting XSS. This means an attacker can...