PT-2025-14476 · WordPress · Video Url Plugin
Johannes Skamletz
+1
·
Published
2025-04-02
·
Updated
2025-04-02
·
CVE-2025-3098
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Video Url plugin for WordPress versions up to, and including, 1.0.0.3
Description
The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The
id parameter is specifically vulnerable to this type of attack.Recommendations
For Video Url plugin for WordPress versions up to, and including, 1.0.0.3, consider updating to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, restrict access to the
id parameter to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Video Url Plugin