PT-2024-39582 · WordPress · Embed Videos/Respect Privacy
Dale Mavers
+1
·
Published
2024-10-11
·
Updated
2024-10-15
·
CVE-2024-9346
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Embed videos and respect privacy plugin for WordPress versions prior to 1.2
Description
The issue allows unauthenticated attackers to inject arbitrary web scripts in pages due to insufficient input sanitization and output escaping via the
v parameter. This can be exploited if an attacker can trick a user into performing an action such as clicking on a link.Recommendations
For Embed videos and respect privacy plugin for WordPress versions prior to 1.2, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the
v parameter to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Embed Videos/Respect Privacy