Wonderplugin

Wonder Video Embed

2 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2024-13743

  • EPSS 0.05%
  • Published 18.02.2025 23:15:09
  • Last modified 18.02.2025 23:15:09

The Wonder Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wonderplugin_video shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user suppli...

5.4

CVE-2021-24540

Exploit
  • EPSS 0.18%
  • Published 16.08.2021 11:15:09
  • Last modified 21.11.2024 05:53:15

The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderplugin_video shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.