Unrated severityNVD Advisory· Published Jun 18, 2025· Updated Jun 18, 2025

tarteaucitron.io < 1.9.5 - Contributor+ Stored XSS

CVE-2025-4955

Description

The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.

Affected products

Awesome Weather Widget Project/Tarteaucitron.iov5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/b84a73a4-7e9b-4994-a9bb-ad47f7cf45da/mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000