CVE-2023-4962

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 11, 2024

Updated: Jan 17, 2024

CWE ID 1392

Summary

CVE-2023-4962 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Video PopUp plugin for WordPress. This issue, present in versions up to 1.1.3, stems from insufficient input sanitization and output escaping on user-supplied attributes in the 'video_popup' shortcode. Consequently, authenticated attackers with contributor-level permissions or higher can inject malicious web scripts that will execute every time an injected page is accessed, posing a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Siemens AG

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tmNJbc
https://www.cve.org/CVERecord?id=CVE-2023-4962
https://nvd.nist.gov/vuln/detail/CVE-2023-4962

Back to Vulnerability Database

CVE-2023-4962

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations