CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-4955

The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.4%

CVSS Severity

CVSS v3 Score 4.7

References

https://wpscan.com/vulnerability/b84a73a4-7e9b-4994-a9bb-ad47f7cf45da/

Products affected by CVE-2025-4955

Amauri » Tarteaucitron.io » Version: Any

cpe:2.3:a:amauri:tarteaucitron.io:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-4955

Products

Pricing

Contact Us