cleantalk
Vulnerabilities and Security Researches

Cincopa video and media plug-in, ee7ba21e902a001f6add53b20020ff6f4ee03467

CVE, Research URL

ee7ba21e902a001f6add53b20020ff6f4ee03467

Home page URL

Security reports for Cincopa video and media plug-in

Application

Cincopa video and media plug-in

Published on
Aug 25, 2015
Research Description
Cincopa video and media plug-in [video-playlist-and-gallery-plugin] < 1.137 Cincopa video and media plug-in < 1.137 - Cross-Site Request Forgery to Stored Cross-Site Scripting The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Cross-Site Request Forgery via the ‘cincopaafc’ parameter in versions before 1.137 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.137.
Status
vulnerable
Previous vulnerability researches
Cincopa video and media plug-in (8a9cb7c8b9bae1d383bc2ee1daa00183e22413ab) , Jun 07, 2024
Cincopa video and media plug-in (CVE-2026-10092) , Jun 25, 2026
Cincopa video and media plug-in (CVE-2024-23515) , Jun 07, 2024
Cincopa video and media plug-in (CVE-2015-10109) , Jun 07, 2024
Cincopa video and media plug-in (ee7ba21e902a001f6add53b20020ff6f4ee03467) , Jun 16, 2026
New vulnerability
AdRotate Banner Manager &#8211; The only ad manager you&#039;ll need (CVE-2026-12242) , Jun 25, 2026
Restaurant Menu and Food Ordering (CVE-2026-54835) , Jun 25, 2026
Avalon23 Products Filter for WooCommerce (CVE-2026-8865) , Jun 25, 2026
WC Vendors &#8211; WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors (CVE-2026-54838) , Jun 25, 2026
ClearSale Total (CVE-2026-8705) , Jun 25, 2026