Medium severity6.1NVD Advisory· Published Jul 25, 2022· Updated Jun 17, 2026
CVE-2022-2189
CVE-2022-2189
Description
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <1.9.5
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/b6ed4d64-ee98-41bd-a97a-8350c2a8a546nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.