2 matches found
CVE-2025-4955
The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks...
PT-2025-25772 · WordPress · Tarteaucitron.Io
Name of the Vulnerable Software and Affected Versions: tarteaucitron.io WordPress plugin versions prior to 1.9.5
Description: The issue concerns the tarteaucitron.io WordPress plugin, which uses query parameters from YouTube oEmbed URLs without proper sanitization. This could allow users with the...