CVE-2023-0418

The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress WordPress Video plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin WordPress Video versions = 1.0...

WordPress WordPress Video Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Video Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49231 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 450aa2d3738a Credits SOPROBRO Required privilege Contributor...

WordPress HTML5 Video Player plugin <= 2.5.31 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Flash & HTML5 Video versions = 2.5.31...

WordPress Video PopUp Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Video PopUp Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4962 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID de09c56436ca Credits István Márton Required...

WordPress Video Embed & Thumbnail Generator Plugin <= 1.9 - Remote Code Execution

Because of this vulnerability, the attackers can execute arbitrary commands via unspecified vectors. Solution Update the plugin...