Cross-site Scripting Vulnerability in LambertGroup Video Player Plugin
CVE-2025-48159

7.1 HIGH

What is CVE-2025-48159?

The LambertGroup Youtube Vimeo Video Player and Slider WP Plugin contains a reflected cross-site scripting (XSS) vulnerability. User input is improperly processed during web page generation, which allows an attacker to inject malicious scripts. As a result, this vulnerability can lead to unauthorized actions on behalf of users, potentially compromising sensitive data and site integrity. Users of this plugin should apply the necessary security measures promptly to prevent exploitation.

Affected Version(s)

Youtube Vimeo Video Player and Slider WP Plugin <= 3.8

References

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0xd4rk5id3 (Patchstack Alliance)