Compact WP Audio Player, CVE-2021-24734

CVE, Research URL: CVE-2021-24734
Home page URL: Security reports for Compact WP Audio Player
Application: Compact WP Audio Player
Published on: Oct 18, 2021
Research Description: The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
Affected versions: Min -, max 1.9.7.
Status: vulnerable