CVE-2022-3937

Name of the Vulnerable Software and Affected Versions Easy Video Player WordPress plugin versions prior to 1.2.2.3

Description The issue allows users with a role as low as Contributor to perform Cross-Site Scripting attacks due to the plugin not sanitizing and escaping some parameters.

Recommendations For versions prior to 1.2.2.3, update to version 1.2.2.3 or later to resolve the issue. As a temporary workaround, consider restricting the role of users to prevent them from exploiting the vulnerability.