Filtered by vendor Bplugins
Subscribe
Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0170 | 1 Bplugins | 1 Html5 Audio Player | 2023-02-14 | N/A | 5.4 MEDIUM |
The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2021-24868 | 1 Bplugins | 1 Document Embedder | 2022-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts. | |||||
CVE-2021-24775 | 1 Bplugins | 1 Document Embedder | 2022-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. | |||||
CVE-2021-24416 | 1 Bplugins | 1 Streamcast Radio Player | 2021-10-21 | 3.5 LOW | 5.4 MEDIUM |
The StreamCast – Radio Player for WordPress plugin before 2.1.1 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode | |||||
CVE-2021-24413 | 1 Bplugins | 1 Easy Twitter Feed | 2021-10-21 | 3.5 LOW | 5.4 MEDIUM |
The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode | |||||
CVE-2021-24415 | 1 Bplugins | 1 Polo Video Gallery | 2021-10-21 | 3.5 LOW | 5.4 MEDIUM |
The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode | |||||
CVE-2021-24412 | 1 Bplugins | 1 Html5 Audio Player | 2021-10-21 | 3.5 LOW | 5.4 MEDIUM |
The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode |