CVE-2024-13393
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Published Jan 18, 2025
CWE ID 79
Summary
CVE-2024-13393: A stored Cross-Site Scripting (XSS) vulnerability affects the Video Share VOD plugin for WordPress. The issue lies in the 'videowhisper_videos' shortcode, which does not adequately sanitize and escape user-supplied attributes. Consequently, authenticated attackers, holding contributor-level access or higher, can inject malicious web scripts. These scripts will execute whenever a user visits an injected page, posing a significant security risk. Versions up to and including 2.6.31 are affected.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share