Cross-site Scripting Vulnerability in Universal Video Player Addon for WPBakery Page Builder
CVE-2025-48170

7.1HIGH

Key Information:

Vendor: WordPress
Status: Universal Video Player - Addon For WPbakery Page Builder
Vendor: CVE Published:; 20 August 2025

What is CVE-2025-48170?

A cross-site scripting (XSS) vulnerability in the Universal Video Player Addon for WPBakery Page Builder could allow attackers to inject malicious scripts into web pages. This vulnerability affects versions from n/a up to 3.2.1, potentially compromising user data or executing unauthorized actions if exploited. Users are advised to update to the latest version to mitigate risks.

Affected Version(s)

Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1

References

https://patchstack.com/database/wordpress/plugin/lbg-univ...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2025
Vulnerability Reserved
May 15, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)