cleantalk
Vulnerabilities and Security Researches

Wonder Video Embed, CVE-2021-24540

CVE, Research URL

CVE-2021-24540

Home page URL

Security reports for Wonder Video Embed

Application

Wonder Video Embed

Published on
Aug 16, 2021
Research Description
The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderplugin_video shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.
Affected versions
Min -, max 1.8.
Status
vulnerable
Previous vulnerability researches
Wonder Video Embed (CVE-2024-13743) , Feb 20, 2025
Wonder Video Embed (CVE-2021-24540) , Jun 07, 2024
New vulnerability
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025