WordPress Plugin Vulnerabilities

Post video players <= 1.136 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The Post video players, slideshow albums, photo galleries and music / podcast playlist WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
video-playlist-and-gallery-plugin
Fixed in 1.137

References

URL
http://cinu.pl/research/wp-plugins/mail_23f810f96cb5521ea45d125ed8fe81a0.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
7505d6b8-e9ef-4db2-9841-d28d5d0fdbb1

Timeline

Publicly Published
2015-08-25 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2025-05-01
Title
Blog2Social: Social Media Auto Post & Scheduler < 8.4.0 - Contributor+ Stored XSS
Published
2024-08-07
Title
Ultimate Addons for Beaver Builder – Lite < 1.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-03-18
Title
Improve My City <= 1.6 - Unauthenticated Stored Cross-Site Scripting
Published
2022-05-04
Title
Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting
Published
2025-06-27
Title
WP AdCenter < 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting