Lucene search
HistoryDec 19, 2022 - 2:15 p.m.
CVE-2022-3937
easy video player
wordpress
unescaped parameter
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
25.1%
The Easy Video Player WordPress plugin before 1.2.2.3 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
Affected configurations
Node
noorsplugineasy_video_playerRange<1.2.2.3wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| noorsplugin | easy_video_player | * | cpe:2.3:a:noorsplugin:easy_video_player:*:*:*:*:*:wordpress:*:* |
Related
prion
prion
Cross site scripting
2022-12-19 14:15:00
wpvulndb
wpvulndb
Easy Video Player < 1.2.2.3 - Contributor+ Stored XSS
2022-11-22 00:00:00
wpexploit
wpexploit
Easy Video Player < 1.2.2.3 - Contributor+ Stored XSS
2022-11-22 00:00:00
patchstack
patchstack
cvelist
cvelist
CVE-2022-3937 Easy Video Player < 1.2.2.3 - Contributor+ Stored XSS
2022-12-19 13:41:41
cve
cve
CVE-2022-3937
2022-12-19 14:15:11
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
25.1%
Related for NVD:CVE-2022-3937