WordPress Video Player Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-45632
7.1HIGH
Summary
The WebDorado SpiderVPlayer plugin prior to version 1.5.22 is susceptible to an unauthenticated reflected cross-site scripting vulnerability. This flaw permits attackers to inject malicious scripts into web pages, compromising user data and potentially leading to session hijacking or phishing attacks. Site owners using affected versions should update the plugin immediately to mitigate risk and enhance security.
Affected Version(s)
SpiderVPlayer <= 1.5.22
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Elliot (Patchstack Alliance)