Cross-Site Scripting Vulnerability in LambertGroup's Youtube Vimeo Video Player and Slider
CVE-2025-53563

7.1HIGH

Key Information:

Vendor: WordPress
Status: Youtube Vimeo Video Player And Slider
Vendor: CVE Published:; 20 August 2025

What is CVE-2025-53563?

The LambertGroup Youtube Vimeo Video Player and Slider is susceptible to a Cross-Site Scripting (XSS) vulnerability. Malicious actors can exploit this flaw to inject unwanted scripts into the web application, leading to the execution of arbitrary JavaScript in users' browsers. This vulnerability allows for the potential theft of user credentials, session tokens, and other sensitive information. Immediate action is recommended to mitigate the risk associated with this security issue, especially for versions up to 3.8.

Affected Version(s)

Youtube Vimeo Video Player and Slider <= 3.8

References

https://patchstack.com/database/wordpress/plugin/video_pl...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2025
Vulnerability Reserved
Jul 3, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)