cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-13625,https://securityvulnerability.io/vulnerability/CVE-2024-13625,Reflected Cross-Site Scripting in Tube Video Ads Lite Plugin by WordPress,"The Tube Video Ads Lite plugin for WordPress, versions up to 1.5.7, contains a vulnerability that allows for reflected cross-site scripting. This is due to the failure to properly sanitize and escape user-inputted parameters before rendering them on the webpage. Exploitation of this vulnerability could allow attackers to execute arbitrary JavaScript in the context of the user's browser, particularly affecting users with high privilege roles, such as administrators. Proper mitigation and updates are crucial to ensure the security of the application and its users.",WordPress,Tube Video Ads Lite,7.1,HIGH,0.0004299999854993075,false,,false,false,true,2025-02-17T06:00:06.000Z,true,false,false,,2025-02-17T06:00:06.365Z,0
CVE-2025-0692,https://securityvulnerability.io/vulnerability/CVE-2025-0692,Stored Cross-Site Scripting in Simple Video Management System Plugin for WordPress,"The Simple Video Management System Plugin for WordPress allows high privilege users, such as administrators, to exploit a Stored Cross-Site Scripting (XSS) vulnerability due to insufficient sanitization and escaping of certain settings. This weakness persists even when the unfiltered_html capability is disabled, making it particularly risky in multisite environments, where multiple users and heightened privileges are present.",WordPress,Simple Video Management System,3.5,LOW,0.0004299999854993075,false,,false,false,true,2025-02-13T06:00:12.000Z,true,false,false,,2025-02-13T06:00:12.915Z,0
CVE-2024-12504,https://securityvulnerability.io/vulnerability/CVE-2024-12504,Stored Cross-Site Scripting in Broadcast Live Video Streaming Plugin for WordPress,"The Broadcast Live Video – Live Streaming plugin for WordPress is exposed to a Stored Cross-Site Scripting vulnerability through the 'videowhisper_hls' shortcode. This flaw arises from inadequate input sanitization and output escaping for user-supplied attributes. As a result, authenticated users with contributor-level access or higher can inject malicious JavaScript into web pages. Such scripts will execute whenever a user visits the compromised page, posing significant security risks to affected sites.",Wordpress,"Broadcast Live Video – Live Streaming : Html5, Webrtc, Hls, Rtsp, Rtmp",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-23T11:13:28.100Z,0
CVE-2024-13393,https://securityvulnerability.io/vulnerability/CVE-2024-13393,Stored Cross-Site Scripting Vulnerability in Video Share VOD Plugin for WordPress,"The Video Share VOD plugin for WordPress is susceptible to a stored Cross-Site Scripting vulnerability through the 'videowhisper_videos' shortcode. This issue arises from inadequate input sanitization and output escaping of user-supplied attributes in all versions through 2.6.31. Authenticated attackers with contributor-level access or higher can exploit this weakness to inject malicious scripts. These scripts will execute in the context of users visiting the affected pages, posing significant risks to user data and site integrity.",Wordpress,Video Share Vod – Turnkey Video Site Builder Script,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-18T07:05:10.788Z,0
CVE-2024-12403,https://securityvulnerability.io/vulnerability/CVE-2024-12403,Reflected Cross-Site Scripting in Image Gallery Plugin for WordPress,"The Image Gallery – Responsive Photo Gallery plugin for WordPress is susceptible to Reflected Cross-Site Scripting (XSS) vulnerabilities due to inadequate input sanitization and output escaping in the 'awsmgallery' parameter. This flaw allows attackers to craft malicious scripts that can be executed by users when tricked into clicking on a compromised link, leading to potential unauthorized actions and data exposure. This affects all versions through 1.0.5, highlighting the importance of updating and maintaining secure coding practices.",Wordpress,Awesome Responsive Photo Gallery – Image & Video Lightbox Gallery,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,false,,2025-01-15T09:25:55.266Z,0
CVE-2024-13156,https://securityvulnerability.io/vulnerability/CVE-2024-13156,DOM-Based Stored Cross-Site Scripting in HTML5 Video Player for WordPress,"The HTML5 Video Player plugin for WordPress is susceptible to DOM-Based Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. Attackers with Contributor-level access or higher can exploit this vulnerability through the 'heading' parameter. By manipulating this parameter, they can inject harmful web scripts that execute whenever a user visits the compromised page, posing security risks to site users and potentially compromising their data.",Wordpress,Html5 Video Player – Mp4 Video Player Plugin And Block,6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,false,,2025-01-14T08:23:14.833Z,0
CVE-2024-12256,https://securityvulnerability.io/vulnerability/CVE-2024-12256,Reflected Cross-Site Scripting in Simple Video Management System Plugin for WordPress,"The Simple Video Management System plugin for WordPress is susceptible to Reflected Cross-Site Scripting via the 'analytics_video' parameter. This vulnerability arises from inadequate input sanitization and output escaping in versions up to and including 1.0.4, allowing unauthenticated attackers to inject malicious web scripts. Attackers could exploit this issue by deceiving users into clicking on specially crafted links, leading to potential execution of arbitrary scripts in user sessions.",Wordpress,Simple Video Management System,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-07T04:22:19.453Z,0
CVE-2024-12214,https://securityvulnerability.io/vulnerability/CVE-2024-12214,Reflected Cross-Site Scripting in WooCommerce HSS Extension for Streaming Video,"The WooCommerce HSS Extension for Streaming Video plugin for WordPress suffers from a vulnerability that allows unauthenticated attackers to exploit the 'videolink' parameter. Due to inadequate input sanitization and output escaping, this flaw enables attackers to inject arbitrary web scripts into web pages. If a user is tricked into clicking a malicious link, the injected script can execute in their browser context, potentially leading to account compromises or unauthorized data access.",Wordpress,WooCommerce Hss Extension For Streaming Video,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-07T04:21:57.210Z,0
CVE-2024-11883,https://securityvulnerability.io/vulnerability/CVE-2024-11883,Stored Cross-Site Scripting Vulnerability in Connatix Video Embed Plugin for WordPress,"The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnx_script_code' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Connatix Video Embed,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-12-14T04:23:43.765Z,0
CVE-2024-12162,https://securityvulnerability.io/vulnerability/CVE-2024-12162,Ultimate Member Video & Photo Gallery Plugin Vulnerable to Reflected XSS,"The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,Video & Photo Gallery For Ultimate Member,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-12-12T04:23:14.349Z,0
CVE-2024-10247,https://securityvulnerability.io/vulnerability/CVE-2024-10247,Time-Based SQL Injection Vulnerability in The Video Gallery Plugin,"The Video Gallery – Best WordPress YouTube Gallery Plugin, used extensively for showcasing YouTube content on WordPress sites, is susceptible to a time-based SQL injection vulnerability. This issue arises from insufficient escaping of user-supplied parameters and flawed preparation of SQL queries. Authenticated attackers with Administrator-level access can exploit this vulnerability to inject additional SQL queries into existing queries. This manipulation could potentially enable these attackers to extract sensitive information stored within the database, posing significant risks to the integrity of user data and application security.",Wordpress,Video Gallery – Youtube Gallery And Vimeo Gallery,7.2,HIGH,0.0008099999977275729,false,,false,false,false,,,false,false,,2024-12-06T03:25:39.169Z,0
CVE-2024-9769,https://securityvulnerability.io/vulnerability/CVE-2024-9769,Stored Cross-Site Scripting Vulnerability Affects The Video Gallery Plugin,"The Video Gallery – Best WordPress YouTube Gallery plugin for WordPress contains a vulnerability that enables Stored Cross-Site Scripting (XSS) due to inadequate input sanitization and output escaping. Authenticated attackers with administrator-level permissions can exploit this flaw to inject arbitrary web scripts into pages. This issue primarily affects installations with multi-site configurations and those where the unfiltered_html option is disabled, allowing malicious scripts to execute whenever a user accesses the compromised pages.",Wordpress,Video Gallery – Youtube Gallery And Vimeo Gallery,4.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-12-06T03:25:38.678Z,0
CVE-2024-11203,https://securityvulnerability.io/vulnerability/CVE-2024-11203,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin,"The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name’ parameter in all versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Embedpress – Embed PDF, PDF 3d Flipbook, Instagram Social Feeds, Google Docs, Vimeo, Wistia, Youtube Videos, Maps & Upload PDF Documents",6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-11-28T08:47:30.755Z,0
CVE-2024-11202,https://securityvulnerability.io/vulnerability/CVE-2024-11202,WordPress Plugins Vulnerable to Reflected Cross-Site Scripting,Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.,Wordpress,"Cm WordPress Search And Replace Plugin,Video Lessons Manager – WordPress Lms Plugin,Cm Tooltip Glossary,Cm Pop-up Banners For WordPress,Cm Header & Footer Script Loader – Insert Script Plugin,Name: Cm E-mail Registration Blacklist,Cm Business Directory Plugin – Business Listing Directory",6.1,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2024-11-26T07:31:31.790Z,0
CVE-2024-10034,https://securityvulnerability.io/vulnerability/CVE-2024-10034,Stored Cross-Site Scripting Vulnerability in Gallery Blocks with Lightbox,"The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gallery link text parameter in all versions up to, and including, 3.2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Gallery Blocks With Lightbox. Image Gallery, (html5 Video , Youtube, Vimeo) Video Gallery And Lightbox For Native Gallery",5.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-22T05:33:41.576Z,0
CVE-2024-11601,https://securityvulnerability.io/vulnerability/CVE-2024-11601,Cross-Site Request Forgery Vulnerability in Sky Addons for Elementor,"The Sky Addons for Elementor plugin for WordPress is prone to a Cross-Site Request Forgery vulnerability affecting all versions up to and including 2.6.1. This flaw arises from inadequate nonce validation within the save_options() function, which could allow an unauthenticated attacker to change arbitrary option values on a WordPress site through a malicious request. The attacker must trick a site administrator into clicking a link, thus enabling the execution of unauthorized actions. The vulnerability specifically impacts option values that can be saved as arrays.",Wordpress,"Sky Addons For Elementor (free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)",8.1,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2024-11-22T05:33:41.092Z,0
CVE-2024-11355,https://securityvulnerability.io/vulnerability/CVE-2024-11355,Unauthorized Access to Data in Vimeo Video Player & Shorts Plugin for WordPress,"The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_setting() function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view settings for playlists.",Wordpress,Ultimate Youtube Video & Shorts Player With Vimeo,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-11-22T05:33:40.599Z,0
CVE-2024-11104,https://securityvulnerability.io/vulnerability/CVE-2024-11104,Unauthorized Modification of Data Leads to Denial of Service in Sky Addons for Elementor,"The Sky Addons for Elementor plugin offers a range of features for enhancing WordPress sites, but it presents a security weakness that allows for unauthorized data modifications. This vulnerability stems from a lack of capability checks in the save_options() function, affecting all versions up to 2.6.2. Authenticated attackers, even those with subscriber-level access, can exploit this flaw to alter arbitrary options that can be saved as arrays. This leads to potential denial of service for the affected WordPress installations, compromising their functionality and security.",Wordpress,"Sky Addons For Elementor (free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)",8.1,HIGH,0.0005099999834783375,false,,false,false,false,,,false,false,,2024-11-22T05:33:40.055Z,0
CVE-2024-9542,https://securityvulnerability.io/vulnerability/CVE-2024-9542,Sensitive Information Exposure Vulnerability in Elementor Plugin,"The Sky Addons for Elementor plugin for WordPress has a significant vulnerability allowing authenticated users with Contributor-level access and higher to access sensitive data. This vulnerability, arising from the render function in the modules/content-switcher/widgets/content-switcher.php file, exposes private, pending, and draft Elementor template data. Affected versions include all versions up to and including 2.6.1, posing a threat to the confidentiality of user-generated content.",Wordpress,"Sky Addons For Elementor (free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-21T11:02:19.986Z,0
CVE-2024-11428,https://securityvulnerability.io/vulnerability/CVE-2024-11428,Stored Cross-Site Scripting Vulnerability in Lazy Load Videos and Sticky Control Plugin,"The Lazy load videos and sticky control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lazy-load-videos-and-sticky-control' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Lazy Load Videos And Sticky Control,6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-11-21T02:06:29.262Z,0
CVE-2024-11354,https://securityvulnerability.io/vulnerability/CVE-2024-11354,Unauthorized Modification of Data via Del_YtsingVID Function in Vimeo Plugin for WordPress,"The Ultimate YouTube Video & Shorts Player with Vimeo plugin for WordPress exhibits a vulnerability that permits unauthorized data modification due to the absence of an essential capability check in the del_ytsingvid() function. This vulnerability is present in all versions up to and including 3.3. Authenticated attackers with Subscriber-level access and higher can exploit this issue to delete individual playlists, potentially leading to a significant compromise in data integrity and site functionality. Users are urged to implement security measures and update their plugins to mitigate potential risks.",Wordpress,Ultimate Youtube Video & Shorts Player With Vimeo,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-11-21T02:06:28.576Z,0
CVE-2024-52431,https://securityvulnerability.io/vulnerability/CVE-2024-52431,SQL Injection Vulnerability in Pressaholic WordPress Video Robot by Pressaholic,"A vulnerability has been identified in the Pressaholic WordPress Video Robot - The Ultimate Video Importer plugin, where improper neutralization of special elements in SQL commands allows for SQL Injection attacks. This flaw poses significant risks as it can enable attackers to manipulate database queries, potentially leading to unauthorized access, data breaches, and further exploitation of the affected system. The vulnerability affects all versions of the plugin up to and including 1.20.0, necessitating prompt action for users to secure their WordPress installations.",Wordpress,WordPress Video Robot,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-11-18T15:15:00.000Z,0
CVE-2024-9192,https://securityvulnerability.io/vulnerability/CVE-2024-9192,Privilege Escalation Vulnerability in WordPress Video Robot's Ultimate Video Importer Plugin,"The WordPress Video Robot plugin, developed by CodeCanyon, is affected by a vulnerability that involves insufficient validation of user metadata, specifically in the wpvr_rate_request_result() function. This weakness enables authenticated users with subscriber-level access and above to manipulate their user metadata, allowing them to escalate their privileges to that of an administrator. This vulnerability impacts all versions of the plugin up to and including version 1.20.0, thereby posing a significant risk to WordPress sites utilizing this plugin.",Wordpress,WordPress Video Robot - The Ultimate Video Importer,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-11-16T03:20:44.515Z,0
CVE-2024-10861,https://securityvulnerability.io/vulnerability/CVE-2024-10861,Unauthorized Data Modification Vulnerability in The Popup Box Plugin,"The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress has a design flaw that results in unauthorized modification of critical plugin settings. The vulnerability arises from a lack of proper capability checks in the deactivate_plugin_option() function. As a result, attackers who do not possess authentication can exploit this flaw to manipulate the 'ays_pb_upgrade_plugin' option, potentially leading to arbitrary changes in the plugin's configuration and behavior across all versions up to and including 4.9.7.",Wordpress,"Popup Box – Create Countdown, Coupon, Video, Contact Form Popups",5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-16T03:15:00.000Z,0
CVE-2024-10535,https://securityvulnerability.io/vulnerability/CVE-2024-10535,Unauthorized Modification of Data in Video Gallery Plugin,"The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31. This makes it possible for unauthenticated attackers to delete thumbnails in the video-wc-gallery-thumb directory.",Wordpress,Video Gallery For WooCommerce,5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-06T06:43:30.122Z,0