Lucene search
WPScanCVELIST:CVE-2021-24540HistoryAug 16, 2021 - 10:48 a.m.
CVE-2021-24540 Wonder Video Embed < 1.8 - Contributor+ Stored XSS
2021-08-1610:48:31
CWE-79
WPScan
www.cve.org
2
cve-2021-24540
wonder video embed
wordpress plugin
stored xss
contributor role
EPSS
0.001
Percentile
24.8%
The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderplugin_video shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.
CNA Affected
[
{
"product": "Wonder Video Embed",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.8",
"status": "affected",
"version": "1.8",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2021-24540
2021-08-16 11:15:09
wpvulndb
wpvulndb
Wonder Video Embed < 1.8 - Contributor+ Stored XSS
2021-07-19 00:00:00
nvd
nvd
CVE-2021-24540
2021-08-16 11:15:09
cnvd
cnvd
WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-66921)
2021-08-18 00:00:00
prion
prion
Cross site scripting
2021-08-16 11:15:00
wpexploit
wpexploit
Wonder Video Embed < 1.8 - Contributor+ Stored XSS
2021-07-19 00:00:00