CVE-2024-2428
Published: Apr 10, 2024
Modified: Oct 30, 2024
PUBLISHED
Description
The Ultimate Video Player For WordPress plugin for WordPress before 2.2.3 does not perform a proper capability check when its settings are updated via a REST route, allowing users with the Contributor role and above to update them. Furthermore, because one of the settings is not escaped, those users can also perform Stored XSS attacks.
| Vendor | Product | Versions |
|---|---|---|
| Unknown | The Ultimate Video Player For WordPress | affected 0 - < 2.2.3 |
References
https://wpscan.com/vulnerability/4832e223-4571-4b45-97db-2fd403797c49/ (exploit, vdb-entry, technical-description)