CVE-2024-2428

The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS

CVSS 4.7 MEDIUMEPSS 0.5%

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 4.7EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

10 abr 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Produtos afetados

Unknown · The Ultimate Video Player For WordPress

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://wpscan.com/vulnerability/4832e223-4571-4b45-97db-2fd403797c49/