VYPR
Unrated severity · NVD Advisory · Published Apr 10, 2024 · Updated Oct 30, 2024

The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS

CVE-2024-2428

Description

The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not perform a proper capability check when updating its settings via a REST route, allowing users with the Contributor role and above to update them. Furthermore, because one of the settings is not escaped, this also allows them to perform Stored XSS attacks.
