Simple Video Embedder <= 2.2 - Contributor+ Stored Cross-Site Scripting

2022-11-0900:00:00

wpscan.com

cross-site scripting

contributor role

sanitisation

0.001 Low

EPSS

Percentile

19.5%

JSON

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

CPENameOperatorVersion
simple-video-embeddereq*

CPE	Name	Operator	Version
	simple-video-embedder	eq	*

0.001 Low

EPSS

Percentile

19.5%

JSON

Related for WPVDB-ID:54B2CB36-8F73-4D2E-9B4D-131807454327