Reflected XSS Vulnerability in HDW Tube Plugin for WordPress
CVE-2016-1000135

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Hdw-tube
Vendor
CVE Published:
10 October 2016

What is CVE-2016-1000135?

The HDW Tube plugin for WordPress contains a reflected cross-site scripting (XSS) vulnerability which allows attackers to inject malicious scripts into web pages viewed by users. The vulnerability arises from inadequate input validation, enabling potential exploitation through specially crafted URLs. Attackers can leverage this weakness to execute arbitrary JavaScript in the context of a user's session, leading to unauthorized actions or data exposure. This vulnerability affects users of the plugin who have not updated to version 1.2 or later.

References

https://wordpress.org/plugins/hdw-tube
x_refsource_MISC
http://www.vapidlabs.com/wp/wp_advisory.php?v=533
x_refsource_MISC
http://www.securityfocus.com/bid/93820
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.