CVE-2024-13862 – S3Bubble Media Streaming <= 8.0 - Reflected XSS

https://notcve.org/view.php?id=CVE-2024-13862

18 Feb 2025 — The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 8.0 due to insuffi... • https://wpscan.com/vulnerability/7692b768-a33f-45a2-90f1-1f4258493979 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •