ThreatPress

WordPress Vulnerabilities Database

Back

WordPress HDW Video Gallery Plugin <= 1.2 - Cross-Site Scripting (XSS)

Product
HDW PLayer
Description
Because of this vulnerability, the variable playlist appears to send unsanitized data back to the users browser.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Vapid
CVE
Name CVE-N/A
Versions
Affected In <= 1.2
Fixed In 1.3
Disclosure date
2016-04-12
Credits
Larry W. Cashdollar
Submitter
ThreatPress