Lucene search
CaonWPVDB-ID:CEE66543-B5D6-4205-8F9B-0FEBD7FEE445HistoryMay 30, 2024 - 12:00 a.m.
Responsive video embed < 0.5.1 - Contributor+ Stored XSS
2024-05-3000:00:00
caon
wpscan.com
2
responsive video embed
stored cross-site scripting
contributor role
security
update
poc
validation
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
PoC
As a contributor, create a post with the following shortcode: [rve src='" onload=alert(/XSS/) " '] The XSS will be triggered when any user will (pre)view the post
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 0.5.1 |
Related
vulnrichment
vulnrichment
CVE-2024-5475 Responsive video embed < 0.5.1 - Contributor+ Stored XSS
2024-06-20 06:00:03
nvd
nvd
CVE-2024-5475
2024-06-20 06:15:10
cve
cve
CVE-2024-5475
2024-06-20 06:15:10
wpexploit
wpexploit
Responsive video embed < 0.5.1 - Contributor+ Stored XSS
2024-05-30 00:00:00
cvelist
cvelist
CVE-2024-5475 Responsive video embed < 0.5.1 - Contributor+ Stored XSS
2024-06-20 06:00:03
wordfence
wordfence
8.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for WPVDB-ID:CEE66543-B5D6-4205-8F9B-0FEBD7FEE445