CVE-2025-13849 | Cool YT Player Plugin up to 1.0 on WordPress Shortcode videoid cross site scripting

Inserito da Angelo Barbosa | Gen 7, 2026 | CVE

A vulnerability was found in Cool YT Player Plugin up to 1.0 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Shortcode Handler. The manipulation of the argument videoid results in cross site scripting.

This vulnerability is known as CVE-2025-13849. It is possible to launch the attack remotely. No exploit is available.

CVE-2025-13849 | Cool YT Player Plugin up to 1.0 on WordPress Shortcode videoid cross site scripting

Post correlati

CVE-2024-38198 | Microsoft Windows up to Server 2022 23H2 Print Spooler data authenticity

CVE-2024-40605 | Foreground Skin up to 1.42.1 on MediaWiki Sidebar Menu cross site scripting

CVE-2024-38778 | Epsiloncool WP Fast Total Search Plugin up to 1.69.234 on WordPress cross-site request forgery

CVE-2023-51501 | Undsgn Uncode Theme up to 2.8.6 on WordPress cross site scripting