Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0170 | 1 Bplugins | 1 Html5 Audio Player | 2023-02-14 | N/A | 5.4 MEDIUM |
The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2021-24412 | 1 Bplugins | 1 Html5 Audio Player | 2021-10-21 | 3.5 LOW | 5.4 MEDIUM |
The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode |