CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24414

The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.1%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

Products affected by CVE-2021-24414

Video Player For Youtube Project » Video Player For Youtube » Version: N/A

cpe:2.3:a:video_player_for_youtube_project:video_player_for_youtube:-
Video Player For Youtube Project » Video Player For Youtube » Version: 1.0

cpe:2.3:a:video_player_for_youtube_project:video_player_for_youtube:1.0
Video Player For Youtube Project » Video Player For Youtube » Version: 1.1

cpe:2.3:a:video_player_for_youtube_project:video_player_for_youtube:1.1
Video Player For Youtube Project » Video Player For Youtube » Version: 1.2

cpe:2.3:a:video_player_for_youtube_project:video_player_for_youtube:1.2
Video Player For Youtube Project » Video Player For Youtube » Version: 1.3

cpe:2.3:a:video_player_for_youtube_project:video_player_for_youtube:1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24414

Products

Pricing

Contact Us