The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/759b3866-c619-42cc-94a8-0af6d199cc81 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-01T14:18:55.845Z
Updated: 2024-01-01T14:18:55.845Z
Reserved: 2023-12-04T13:39:00.579Z
Link: CVE-2023-6485
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-01T15:15:43.393
Modified: 2024-01-08T19:31:52.377
Link: CVE-2023-6485
JSON object: View
Redhat Information
No data.
CWE