Wp Video Lightbox

wp_video_lightbox

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-4465 1Tipsandtricks Hq 1Wp Video Lightbox Apr 7, 2025 Jan 16, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perf...Show more The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.Show less
CVE-2022-2189 1Tipsandtricks Hq 1Wp Video Lightbox Nov 21, 2024 Jul 25, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
CVE-2021-24665 1Tipsandtricks Hq 1Wp Video Lightbox Nov 21, 2024 Aug 30, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks