Reflected XSS Vulnerability in HDW Tube WordPress Plugin
CVE-2016-1000134

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Hdw-tube
Vendor
CVE Published:
10 October 2016

What is CVE-2016-1000134?

The HDW Tube plugin for WordPress is vulnerable to a reflected cross-site scripting (XSS) attack, allowing attackers to inject malicious scripts into web pages viewed by users. This flaw occurs in version 1.2 of the plugin, and exploitation can lead to unauthorized actions performed on behalf of users. For more information about the vulnerability and how to mitigate it, check the official WordPress page and relevant security advisories.

References

https://wordpress.org/plugins/hdw-tube
x_refsource_MISC
http://www.vapidlabs.com/wp/wp_advisory.php?v=530
x_refsource_MISC
http://www.securityfocus.com/bid/93868
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.