CVE-2025-27002

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup CountDown With Image or Video Background countdown-with-background allows Reflected XSS.This issue affects CountDown With Image or Video Background: from n/a through = 1.5...

CVE-2025-27002

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup CountDown With Image or Video Background countdown-with-background allows Reflected XSS.This issue affects CountDown With Image or Video Background: from n/a through = 1.5...

CVE-2025-27002 WordPress CountDown With Image or Video Background plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup CountDown With Image or Video Background countdown-with-background allows Reflected XSS.This issue affects CountDown With Image or Video Background: from n/a through = 1.5...

CVE-2025-27002

CVE-2025-27002: Reflected XSS in CountDown With Image or Video Background (WordPress plugin). Affected: CountDown With Image or Video Background

WordPress CountDown With Image or Video Background plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin CountDown With Image or Video Background versions = 1.5...

PT-2026-1795

Name of the Vulnerable Software and Affected Versions LambertGroup CountDown With Image or Video Background versions through 1.5 Description The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-site Scripting issue. This allows...

WordPress plugin CountDown With Image or Video Background 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2025-51445

Name of the Vulnerable Software and Affected Versions LambertGroup CountDown With Image or Video Background versions through 1.5 Description The software contains an SQL injection flaw due to improper neutralization of special elements within SQL commands. This allows for blind SQL injection...

WordPress CountDown With Image or Video Background plugin <= 1.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin CountDown With Image or Video Background versions = 1.5...

CVE-2022-4652

The Video Background WordPress plugin before 2.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2025-47567

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Video Player & FullScreen Video Background universal-video-player-and-bg allows Blind SQL Injection.This issue affects Video Player & FullScreen Video Background: from n/a through =...

CVE-2025-47567 WordPress Video Player & FullScreen Video Background plugin <= 2.4.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Video Player & FullScreen Video Background allows Blind SQL Injection. This issue affects Video Player & FullScreen Video Background: from n/a through 2.4.1...

WordPress plugin Video Player & FullScreen Video Background SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A SQL injection vulnerability exists in WordPress...

CVE-2022-4652

The Video Background WordPress plugin before 2.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4652 Video Background < 2.7.5 - Contributor+ Stored XSS via Shortcode

The Video Background WordPress plugin before 2.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4652

The CVE-2022-4652 entry documents a Stored XSS in the Video Background WordPress plugin for versions prior to 2.7.5. The vulnerability arises because certain shortcode attributes are not validated/escaped before being output, which could allow users with the contributor role and above to inject s...

PT-2023-14954 · WordPress · Video Background

Name of the Vulnerable Software and Affected Versions: Video Background WordPress plugin versions prior to 2.7.5 Description: The issue concerns the Video Background WordPress plugin, which does not properly validate and escape certain shortcode attributes. This could allow users with the...

WordPress plugin Video Background 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

WordPress Video Background Plugin <= 2.7.4 is vulnerable to Cross Site Scripting (XSS)

Software Video Background Type Plugin Vulnerable versions = 2.7.4 Fixed in 2.7.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4652 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8720d683d0f2 Credits Lana Codes Requir...

Video Background < 2.7.5 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks v 2.7.5 vidbg loop="1;alert/XSS-loop/;...