Vulnerabilities > CVE-2021-24540 - Unspecified vulnerability in Wonderplugin Wonder Video Embed
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderplugin_video shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |