cleantalk
Vulnerabilities and Security Researches

S3Player – WooCommerce & Elementor Integration, CVE-2024-13865

CVE, Research URL

CVE-2024-13865

Home page URL

Security reports for S3Player – WooCommerce & Elementor Integration

Application

S3Player – WooCommerce & Elementor Integration

Published on
May 16, 2025
Research Description
The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.
Affected versions
Min -, max 4.2.1.
Status
vulnerable
Previous vulnerability researches
SB Chart block (CVE-2025-3661) , Apr 20, 2025
New vulnerability
HD Quiz (CVE-2024-13383) , May 17, 2025
AffiliateImporterEb (CVE-2024-12733) , May 17, 2025
AffiliateImporterEb (CVE-2024-12732) , May 17, 2025
Broadstreet (CVE-2025-48113) , May 17, 2025
Prisna GWT – Google Website Translator (CVE-2024-12679) , May 17, 2025