First published: Mon Jul 25 2022(Updated: )
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Tipsandtricks-hq Wp Video Lightbox | <1.9.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-2189.
The severity of CVE-2022-2189 is medium (severity value: 6.1).
The affected software is the WP Video Lightbox WordPress plugin before version 1.9.5.
CVE-2022-2189 could lead to Reflected Cross-Site Scripting in old web browsers.
The fix for CVE-2022-2189 is to update the WP Video Lightbox WordPress plugin to version 1.9.5 or later.