WordPress Plugin Vulnerabilities

Video Posts Webcam Recorder < 3.2.4 - Authenticated Reflected XSS

Description

The plugin has an authenticated reflected cross site scripting (XSS) vulnerability in one of the administrative functions for handling deletion of videos.

Proof of Concept

Affects Plugins

Plugin icon
video-posts-webcam-recorder
Fixed in 3.2.4

References

CVE
CVE-2021-24512

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
iohex
Submitter
iohex
Submitter twitter
iohehe
Verified
No
WPVDB ID
458a576e-a7ed-4758-a80c-cd08c370aaf4

Timeline

Publicly Published
2021-07-14 (about 4 years ago)
Added
2021-07-14 (about 4 years ago)
Last Updated
2021-08-10 (about 4 years ago)

Other

Published
Title
Published
2023-02-28
Title
WP No External Links <= 1.0.2 - Admin+ Stored XSS
Published
2015-01-10
Title
Greg's High Performance SEO 1.6.1 - Reflected XSS
Published
2024-07-15
Title
WP eMember <= v10.7.0 - Stored XSS via CSRF
Published
2023-04-21
Title
eRocket < 1.2.5 - Admin+ Stored XSS
Published
2024-11-15
Title
Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload