Vulnerabilities and security researches forvideo-playlist-and-gallery-plugin video-playlist-and-gallery-plugin

Jun 07, 2024

CVE, Research URL: 8a9cb7c8b9bae1d383bc2ee1daa00183e22413ab
Home page URL: Security reports for Cincopa video and media plug-in
Application: Cincopa video and media plug-in
Date: Aug 25, 2015
Research Description: Cincopa video and media plug-in [video-playlist-and-gallery-plugin] < 1.137 WordPress Post Video Players Plugin <= 1.136 - XSS Because of this vulnerability, authenticated users (like editors) can store HTML or JS code. Update the plugin.
Affected versions: max 1.137.
Status: vulnerable

CVE, Research URL: CVE-2024-23515
Home page URL: Security reports for Cincopa video and media plug-in
Application: Cincopa video and media plug-in
Date: Mar 27, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players.This issue affects Post Video Players: from n/a through 1.159.
Affected versions: max 1.160.
Status: vulnerable

CVE, Research URL: CVE-2015-10109
Home page URL: Security reports for Cincopa video and media plug-in
Application: Cincopa video and media plug-in
Date: Jun 01, 2023
Research Description: A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.137 is able to address this issue. The name of the patch is ee28e91f4d5404905204c43b7b84a8ffecad932e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230264.
Affected versions: max 1.137.
Status: vulnerable

Jan 11, 2026

CVE, Research URL: CVE-2025-62142
Home page URL: Security reports for Cincopa video and media plug-in
Application: Cincopa video and media plug-in
Date: Dec 31, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicashmu Cincopa video and media plugin allows Stored XSS.This issue affects Cincopa video and media plug-in: from n/a through 1.163.
Affected versions: max 1.163.
Status: vulnerable

CVE, Research URL: CVE-2025-62143
Home page URL: Security reports for Cincopa video and media plug-in
Application: Cincopa video and media plug-in
Date: Dec 31, 2025
Research Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players allows Retrieve Embedded Sensitive Data.This issue affects Post Video Players: from n/a through 1.163.
Affected versions: max 1.163.
Status: vulnerable