Reflected Cross-Site Scripting Vulnerability in HSS Embed Streaming Video by Hoststreamsell
CVE-2025-23523

7.1HIGH

Key Information:

Vendor: WordPress
Status: Hss Embed Streaming Video
Vendor: CVE Published:; 14 February 2025

Summary

The HSS Embed Streaming Video plugin by Hoststreamsell is susceptible to a reflected XSS vulnerability. This arises from improper neutralization of user input during web page generation, enabling attackers to execute arbitrary scripts in the context of the user's browser. The exploit can give unauthorized access to sensitive user data, impacting the overall security posture of affected installations. Users are encouraged to review their versions and apply necessary updates to mitigate potential exploitation.

Affected Version(s)

HSS Embed Streaming Video <= 3.23

References

https://patchstack.com/database/wordpress/plugin/hss-embe...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)