CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48320 – WordPress Video Player Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-48320
23 Nov 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderVPlayer allows Stored XSS.This issue affects SpiderVPlayer: from n/a through 1.5.22. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en WebDorado SpiderVPlayer permite almacenar XSS. Este problema afecta a SpiderVPlayer: desde n/a hasta 1.5.22. The SpiderVPlayer plugin for WordPress is vulnerable to Stored Cross-Site Scr... • https://patchstack.com/database/vulnerability/player/wordpress-spidervplayer-plugin-1-5-22-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45632 – WordPress Video Player Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-45632
11 Oct 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado SpiderVPlayer plugin <= 1.5.22 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento WebDorado SpiderVPlayer en versiones <= 1.5.22. The Video Player plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.5.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attac... • https://patchstack.com/database/vulnerability/player/wordpress-spidervplayer-plugin-1-5-22-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •