CVE-2014-4534

Currently unrated

Key Information:

Vendor: Wordpress
Status: Html5 Video Player With Playlist Plugin
Vendor: CVE Published:; 2 July 2014

Summary

Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/autoplay.php in the HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) theme or (2) playlistmod parameter.

References

http://codevigilant.com/disclosure/wp-plugin-html5-video-...

x_refsource_MISC

Timeline

Vulnerability published
Jul 2, 2014
Vulnerability Reserved
Jun 23, 2014