First published: Mon Jan 16 2023
The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tipsandtricks-hq Wp Video Lightbox | <1.9.7 | |
The vulnerability ID for the WP Video Lightbox WordPress plugin is CVE-2022-4465.
The severity of CVE-2022-4465 is medium with a CVSS score of 5.4.
The WP Video Lightbox plugin vulnerability allows users with low-level roles, such as contributors, to perform Stored Cross-Site Scripting (XSS) attacks.
The WP Video Lightbox plugin before version 1.9.7 is affected by the vulnerability.
The WP Video Lightbox plugin vulnerability can be exploited by injecting malicious code in shortcode attributes.
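
The bug class described above, shown as an added example that is not the plugin's own code: a hypothetical `[example_video]` shortcode with assumed attributes `url`, `width` and `anchor`, first echoing its attributes unescaped, then validating and escaping them per output context with WordPress core functions.

```php
<?php
// Added illustration: hypothetical shortcode [example_video], not WP Video Lightbox code.
// The attribute names (url, width, anchor) are assumptions made for this example.

// Vulnerable pattern: attribute values from post content are concatenated into markup as-is.
function example_video_shortcode_unsafe( $atts ) {
    $atts = shortcode_atts(
        array( 'url' => '', 'width' => '640', 'anchor' => '' ),
        $atts,
        'example_video'
    );
    // Any role that can save a post (contributor and up) controls all three strings,
    // and they land inside attribute values and an element body without escaping.
    return '<a href="' . $atts['url'] . '" data-width="' . $atts['width'] . '">'
        . $atts['anchor'] . '</a>';
}

// Hardened pattern: validate by type first, then escape for each output context.
function example_video_shortcode_safe( $atts ) {
    $atts = shortcode_atts(
        array( 'url' => '', 'width' => '640', 'anchor' => '' ),
        $atts,
        'example_video'
    );

    // Validate: only http(s) URLs survive; width becomes a bounded integer.
    $url = esc_url_raw( $atts['url'], array( 'http', 'https' ) );
    if ( '' === $url ) {
        return ''; // Render nothing rather than a link with a rejected target.
    }
    $width = min( max( absint( $atts['width'] ), 1 ), 1920 );

    // Escape: esc_url() for href, esc_attr() for attribute values, esc_html() for text.
    return sprintf(
        '<a href="%s" data-width="%s">%s</a>',
        esc_url( $url, array( 'http', 'https' ) ),
        esc_attr( (string) $width ),
        esc_html( $atts['anchor'] )
    );
}

// Only the hardened handler is registered.
add_shortcode( 'example_video', 'example_video_shortcode_safe' );
```

If an attribute has to carry limited markup, `wp_kses()` with an explicit allowlist takes the place of `esc_html()` for that value.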