CVE-2021-24464
YouTube Embed, Playlist and Popup < 2.3.9 - Contributor+ Stored XSS
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
02 ago 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin before 2.3.9 did not escape, validate or sanitise some of its shortcode options, available to users with a role as low as Contributor, leading to an authenticated Stored Cross-Site Scripting issue.
Productos afectados
Unknown · YouTube Embed, Playlist and Popup by WpDevArt