CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-0170

The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 48.0%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2023-0170

Bplugins » Html5 Audio Player » Version: N/A

cpe:2.3:a:bplugins:html5_audio_player:-
Bplugins » Html5 Audio Player » Version: 1.0

cpe:2.3:a:bplugins:html5_audio_player:1.0
Bplugins » Html5 Audio Player » Version: 1.1

cpe:2.3:a:bplugins:html5_audio_player:1.1
Bplugins » Html5 Audio Player » Version: 1.2

cpe:2.3:a:bplugins:html5_audio_player:1.2
Bplugins » Html5 Audio Player » Version: 1.3

cpe:2.3:a:bplugins:html5_audio_player:1.3
Bplugins » Html5 Audio Player » Version: 2.1.10

cpe:2.3:a:bplugins:html5_audio_player:2.1.10
Bplugins » Html5 Audio Player » Version: 2.1.3

cpe:2.3:a:bplugins:html5_audio_player:2.1.3
Bplugins » Html5 Audio Player » Version: 2.1.5

cpe:2.3:a:bplugins:html5_audio_player:2.1.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-0170

Products

Pricing

Contact Us