WordPress Plugin Vulnerabilities

Simple Video Embedder <= 2.2 - Contributor+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
simple-video-embedder
No known fix

References

CVE
CVE-2022-44590

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
54b2cb36-8f73-4d2e-9b4d-131807454327

Timeline

Publicly Published
2022-11-09 (about 1 years ago)
Added
2022-11-09 (about 1 years ago)
Last Updated
2022-11-09 (about 1 years ago)

Other

Published
Title
Published
2014-08-01
Title
Church Admin <= 0.4.2 - Cross-Site Scripting (XSS)
Published
2022-12-05
Title
Loginizer < 1.7.6 - Reflected XSS
Published
2015-09-12
Title
Royal Slider <= 3.2.6 - Authenticated Cross-Site Scripting (XSS)
Published
2024-04-24
Title
Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery < 2.7.7.22 - Authenticated (Author+) Cross-Site Scripting
Published
2021-04-13
Title
Essential Addons for Elementor < 4.5.4 - Contributor+ Stored Cross-Site Scripting (XSS)