WordPress Plugin Vulnerabilities

Vimeotheque < 2.2.2 - Reflected XSS

Description

The Plugin does not sanitise and escape the view and page parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Affects Plugins

Plugin icon
codeflavors-vimeo-video-post-lite
Fixed in 2.2.2

References

CVE
CVE-2023-30498

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Ivy - TOOR, LISA
Verified
Yes
WPVDB ID
cecd3e88-933f-488b-9ddc-dd3a31573ed8

Timeline

Publicly Published
2023-04-14 (about 3 years ago)
Added
2023-08-16 (about 2 years ago)
Last Updated
2023-08-16 (about 2 years ago)

Other

Published
Title
Published
2016-08-14
Title
Photo Gallery by Supsystic < 1.8.6 - Stored Cross-Site Scripting via CSRF
Published
2025-07-14
Title
Email Attachment by Order Status & Products <= 1.0.1 - Reflected Cross-Site Scripting
Published
2025-11-30
Title
Tutor LMS Elementor Addons < 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-02-14
Title
WP Activity Log < 4.6.2 - Unauthenticated Stored Cross-Site Scripting
Published
2024-08-16
Title
Meta Field Block < 1.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting