Stored Cross-Site Scripting Vulnerability in Responsive Videos Plugin for WordPress
CVE-2024-11747
6.4MEDIUM
What is CVE-2024-11747?
The Responsive Videos plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping on user-defined attributes within the 'somryv' shortcode. This vulnerability can be exploited by authenticated users with contributor-level access and higher, allowing them to inject arbitrary web scripts into web pages. These scripts are executed when other users access the affected pages, posing a significant security risk for WordPress websites utilizing this plugin.