The plugin does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
https://example.com/wp-admin/options-general.php?page=wp_video_lightbox&"><script>alert(1)</script>
ZhongFu Su(JrXnm) of WuHan University
ZhongFu Su(JrXnm) of WuHan University
Yes
2022-07-04 (about 1 months ago)
2022-07-04 (about 1 months ago)
2022-07-04 (about 1 months ago)