Lucene search
ErdemstarWPEX-ID:0CD5B288-05B3-48B7-9245-F59CE7377861HistoryMay 08, 2024 - 12:00 a.m.
Playlist for Youtube <= 1.32 - Editor+ Stored XSS
2024-05-0800:00:00
Erdemstar
18
youtube
xss
playlist
editor
may 22 2024
update
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
1. Go to https://example.com/wp-admin/admin.php?page=playlists_yt_free
2. For the Playlist Name and/or Video size add the payload `"><script>alert(1)</script>`
3. Click "Add" and see the XSSRelated
vulnrichment
vulnrichment
CVE-2024-3937 Playlist for Youtube <= 1.32 - Editor+ Stored XSS
2024-05-29 06:00:02
cve
cve
CVE-2024-3937
2024-05-29 06:18:32
wpvulndb
wpvulndb
Playlist for Youtube <= 1.32 - Editor+ Stored XSS
2024-05-08 00:00:00
nvd
nvd
CVE-2024-3937
2024-05-29 06:18:32
cvelist
cvelist
CVE-2024-3937 Playlist for Youtube <= 1.32 - Editor+ Stored XSS
2024-05-29 06:00:02
wordfence
wordfence
5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
Related for WPEX-ID:0CD5B288-05B3-48B7-9245-F59CE7377861