Cross-Site Scripting Vulnerabilities in HTML5 Video Player Plugin for WordPress
CVE-2014-4534

Currently unrated

Key Information:

Vendor: Wordpress
Status: Html5 Video Player With Playlist Plugin
Vendor: CVE Published:; 2 July 2014

Summary

The HTML5 Video Player with Playlist plugin for WordPress suffers from multiple cross-site scripting (XSS) vulnerabilities due to improper input sanitization in the videoplayer/autoplay.php file. Attackers can exploit these vulnerabilities by injecting arbitrary web scripts or HTML through the theme or playlistmod parameters, potentially compromising the integrity of the website and affecting its users.

References

http://codevigilant.com/disclosure/wp-plugin-html5-video-...

x_refsource_MISC

Timeline

Vulnerability published
Jul 2, 2014
Vulnerability Reserved
Jun 23, 2014