cleantalk
Vulnerabilities and Security Researches

S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality), CVE-2024-13862

CVE, Research URL

CVE-2024-13862

Home page URL

Security reports for S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality)

Application

S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality)

Published on
Mar 11, 2025
Research Description
The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions
Min -, max 8.0.
Status
vulnerable
Previous vulnerability researches
Qubely – Advanced Gutenberg Blocks (CVE-2024-9601) , Feb 19, 2025
Qubely – Advanced Gutenberg Blocks (CVE-2024-13228) , Mar 11, 2025
Qubely – Advanced Gutenberg Blocks (CVE-2025-26767) , Feb 18, 2025
Qubely – Advanced Gutenberg Blocks (CVE-2021-24916) , Jun 07, 2024
Qubely – Advanced Gutenberg Blocks (CVE-2021-25013) , Jun 07, 2024
New vulnerability
List Mixcloud (CVE-2025-28930) , Mar 13, 2025
Block Spam By Math Reloaded (CVE-2025-28872) , Mar 13, 2025
Block Spam By Math Reloaded (CVE-2025-28871) , Mar 13, 2025
Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap (CVE-2024-13615) , Mar 13, 2025
Easy Image Display (CVE-2025-28919) , Mar 13, 2025