CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37445 – WordPress HTML5 Audio Player plugin <= 2.2.23 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37445
28 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins Html5 Audio Player allows Stored XSS.This issue affects Html5 Audio Player: from n/a through 2.2.23. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en bPlugins Html5 Audio Player permite XSS almacenado. Este problema afecta al Html5 Audio Player: desde n/a hasta 2.2.23. The Html5 Audio Player plugin for WordPress ... • https://patchstack.com/database/vulnerability/html5-audio-player/wordpress-html5-audio-player-plugin-2-2-23-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0170 – Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-0170
12 Jan 2023 — The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Html5 Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.1.11 due to insufficient input sanitization and output escapin... • https://wpscan.com/vulnerability/19ee5e33-acc8-40c5-8f54-c9cb0fa491f0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24412 – Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24412
20 Sep 2021 — The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode El plugin Html5 Audio Player - Audio Player de WordPress versiones anteriores a 2.1.3 no sanea ni comprueba los parámetros de su shortcode, permitiendo a usuarios con un rol tan bajo como el de colaborador est... • https://wpscan.com/vulnerability/c4ed3e52-cbe0-46dc-ab43-65de78cfb225 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •