Vulnerabilities and security researches fors3bubble-amazon-web-services-oembed-media-streaming-support s3bubble-amazon-web-services-oembed-media-streaming-support

Mar 13, 2025

CVE, Research URL: CVE-2024-13862
Home page URL: Security reports for S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality)
Application: S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality)
Date: Mar 11, 2025
Research Description: The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions: Min -, max -.
Status: vulnerable