Cross-site Scripting Vulnerability in LambertGroup Universal Video Player
CVE-2025-31057

7.1HIGH

Key Information:

Vendor: WordPress
Status: Universal Video Player
Vendor: CVE Published:; 9 June 2025

What is CVE-2025-31057?

The LambertGroup Universal Video Player is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability. This flaw arises from improper handling of user input during web page generation, potentially allowing attackers to inject malicious scripts that could be executed in the context of unsuspecting users. This affects Universal Video Player versions from n/a through 1.4.0.

Affected Version(s)

Universal Video Player <= 1.4.0

References

https://patchstack.com/database/wordpress/plugin/elemento...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)