CVE-2025-27330
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PlayerJS PlayerJS playerjs allows DOM-Based XSS.This issue affects PlayerJS: from n/a through <= 2.23.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
DOM-based XSS vulnerability in PlayerJS WordPress plugin allows attackers to inject scripts via improper input neutralization, affecting versions up to 2.23.
Vulnerability
Overview The PlayerJS plugin for WordPress suffers from a DOM-based Cross-Site Scripting (XSS) vulnerability due to improper neutralization of input during web page generation. This affects all versions from n/a through 2.23. [1]
Exploitation
Conditions An attacker can exploit this vulnerability by tricking a privileged user into performing an action such as clicking a malicious link or visiting a crafted page. The vulnerability is often used in mass-exploit campaigns targeting thousands of websites regardless of size. [1]
Impact
Successful exploitation allows the attacker to inject arbitrary scripts, including redirects, advertisements, and other HTML payloads, which execute when any visitor accesses the affected site. This can lead to defacement, data theft, or malware distribution. [1]
Mitigation
The vendor has released version 2.24 to address the issue. Users are strongly advised to update immediately. Patchstack users can enable auto-update for vulnerable plugins. [1]
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.