CVE-2022-3828 – Video Thumbnails <= 2.12.3 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-3828
The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). El complemento Video Thumbnails de WordPress hasta la versión 2.12.3 no sanitiza ni escapa algunas de sus configuraciones, lo que podría permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting (XSS) Almacenado incluso cuando la capacidad unfiltered_html no está permitida (por ejemplo, en una configuración multisitio). The Video Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 2.12.3 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/4188ed01-b64b-4aba-a215-e8dc5b308486 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-0826 – WP Video Gallery <= 1.7.1 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2022-0826
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users El plugin WP Video Gallery de WordPress versiones hasta 1.7.1, no sanea ni escapa de un parámetro antes de usarlo en una sentencia SQL por medio de una acción AJAX, conllevando a una inyección SQL explotable por usuarios no autenticados • https://wpscan.com/vulnerability/7a3eed3b-c643-4e24-b833-eba60ab631c5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-45255
https://notcve.org/view.php?id=CVE-2021-45255
The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. El parámetro email del archivo ajax.php de Video Sharing Website versión 1.0, parece ser vulnerable a ataques de inyección SQL. Una carga útil inyecta una subconsulta SQL que llama a la función load_file de MySQL con una ruta de archivo UNC que hace referencia a una URL en un dominio externo. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/Video-Sharing-Website • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-24414 – YT Player < 1.4 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24414
The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode El plugin Video Player for YouTube de WordPress versiones anteriores a 1.4 no sanea ni comprueba los parámetros de su shortcode, lo que permite a usuarios con un rol tan bajo como el de contribuidor establecer en ellos payloads de tipo Cross-Site Scripting que serán desencadenados en la/s página/s con el shortcode malicioso insertado • https://wpscan.com/vulnerability/e20b805d-eb11-4702-9803-77de276000ac • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-24337 – Video Embed <= 1.0 - Authenticated (subscriber+) SQL Injection
https://notcve.org/view.php?id=CVE-2021-24337
The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection. El parámetro GET id de uno de los plugins de WordPress Video Embed versiones hasta 1.0, la página (disponible por medio de la navegación forzada) no saneaba, comprobaba o escapaba antes de ser usada en una sentencia SQL, permitiendo a usuarios pocos privilegiados, como los suscriptores, llevar a cabo una inyección SQL • https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •