CVE-2024-13393

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Jan 18, 2025
CWE ID 79

Summary

CVE-2024-13393: A stored Cross-Site Scripting (XSS) vulnerability affects the Video Share VOD plugin for WordPress. The issue lies in the 'videowhisper_videos' shortcode, which does not adequately sanitize and escape user-supplied attributes. Consequently, authenticated attackers, holding contributor-level access or higher, can inject malicious web scripts. These scripts will execute whenever a user visits an injected page, posing a significant security risk. Versions up to and including 2.6.31 are affected.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share