CVE-2013-6797

Cross-site request forgery CSRF vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bwurl parameter in the bw-videos pag...

EUVD-2013-6599

Malware in sbrugna...

EUVD-2025-3441

Malicious code in bioql PyPI...

CVE-2024-5169

The Video Widget WordPress plugin through 1.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-5173

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-8546

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2025-9158 · WordPress · The Page Builder By Siteorigin

Name of the Vulnerable Software and Affected Versions: The Page Builder by SiteOrigin plugin for WordPress versions up to, and including, 2.31.4 Description: The issue is related to Stored Cross-Site Scripting via the Embedded VideoPB widget due to insufficient input sanitization and output...

CVE-2025-23809

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sunil Nanda Blue Wrench Video Widget blue-wrench-videos-widget allows Reflected XSS.This issue affects Blue Wrench Video Widget: from n/a through = 2.1.0...

CVE-2025-23809

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sunil Nanda Blue Wrench Video Widget blue-wrench-videos-widget allows Reflected XSS.This issue affects Blue Wrench Video Widget: from n/a through = 2.1.0...

CVE-2025-23809

CVE-2025-23809 describes a Reflected XSS in the NotFound Blue Wrench Video Widget (affecting Blue Wrench Video Widget: from n/a through 2.1.0). The vulnerability arises from improper neutralization of input during web page generation. CVSS v3.1 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L with bas...

WordPress plugin Blue Wrench Video Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Blue Wrench Video Widget Plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Blue Wrench Video Widget versions = 2.1.0...

CVE-2024-8546

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-8546

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-8546

CVE-2024-8546 : ElementsKit Elementor addons for WordPress (

WordPress ElementsKit Elementor addons plugin <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Video Widget vulnerability discovered by zer0gh0st in WordPress Plugin ElementsKit Elementor addons Lite versions = 3.2.7...

PT-2024-39085 · WordPress · Elementskit Elementor Addons

Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.2.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Video widget due to insufficient input sanitization and output escaping o...

CVE-2024-5763

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the videodate attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due to insufficient inpu...

CVE-2024-5763 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the videodate attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due to insufficient inpu...

CVE-2024-5763 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the videodate attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due to insufficient inpu...