CVE-2025-0692

Name of the Vulnerable Software and Affected Versions Simple Video Management System WordPress plugin versions 1.0.0 through 1.0.4

Description The issue allows high privilege users, such as admin, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not sanitise and escape some of its settings, and the attack can occur even when the unfiltered html capability is disallowed, for example in a multisite setup.

Recommendations For versions 1.0.0 through 1.0.4, update to a version that addresses the sanitization and escaping of settings to prevent Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.