Multiple Cross-Site Scripting Vulnerabilities in Apptha Video Gallery Plugin
CVE-2014-9098

Currently unrated

Key Information:

Vendor: Wordpress
Status: Contus Video Gallery
Vendor: CVE Published:; 26 November 2014

Summary

The Apptha WordPress Video Gallery plugin version 2.5 contains multiple cross-site scripting vulnerabilities that can be exploited by remote authenticated users. These vulnerabilities allow attackers to inject arbitrary web scripts or HTML via the videoadssearchQuery parameter, affecting three key PHP files: videoads/videoads.php, video/video.php, and playlist/playlist.php. Successful exploitation can lead to unauthorized actions on behalf of users and compromise the security of the affected WordPress site.

References

http://packetstormsecurity.com/files/127611/WordPress-Vid...

x_refsource_MISC

http://www.securityfocus.com/bid/68883

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 26, 2014