15 matches found
EUVD-2021-2530
Malware in sbrugna...
CVE-2021-24337
The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page available via forced browsing is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection...
CVE-2021-24540
The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...
CVE-2020-7642
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...
PT-2024-36413 · WordPress · Responsive Video Embed
Name of the Vulnerable Software and Affected Versions: Responsive video embed WordPress plugin versions prior to 0.5.1. Description: The issue is related to the lack of validation and escaping of some shortcode attributes in the Responsive video embed WordPress plugin. This could allow users with...
GHSA-HG2P-2CVQ-4PPV Cross-site scripting in lazysizes
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...
Cross-site scripting in lazysizes
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...
CVE-2021-24337
The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page available via forced browsing is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection...
CVE-2021-24337
The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page available via forced browsing is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection...
WordPress plugin SQL injection vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an application plugin for WordPress. A SQL injection vulnerability exists in WordPress Vide...
CVE-2020-7642
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...
Design/Logic Flaw
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...
CVE-2020-7642
CVE-2020-7642 affects lazysizes up to version 5.2.0, where the video-embed plugin fails to sanitize attributes data-vimeo, data-vimeoparams, data-youtube, and data-ytparams, enabling injection of malicious JavaScript. The vulnerability is tied to how untrusted payloads can be executed through the...
CVE-2020-7642
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...
Cross-site Scripting (XSS)
Overview: lazysizes is a fast, jank-free, SEO-friendly and self-initializing lazyloader for images (including responsive images picture/srcset), iframes, scripts/widgets and much more. It also prioritizes resources by differentiating between crucial in view and near view elements to make perceived...