CVE-2025-4955

Medium CVSS: 4.7

The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.

Vendor

Amauri

Product

Tarteaucitron.io

CWE

CWE-79

Yayın Tarihi

2025-06-18 06:15:28

Güncelleme

2025-07-02 19:25:30

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-79 Tarteaucitron.io MEDIUM Amauri 2025

Referanslar

https://wpscan.com/vulnerability/b84a73a4-7e9b-4994-a9bb-ad47f7cf45da/

Benzer Kayıtlar

Medium

CVE-2026-22809

tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service (R…

Medium

CVE-2025-48939

tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in…

Medium

CVE-2025-31138

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior t…

Medium

CVE-2025-31475

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior t…

Medium

CVE-2025-31476

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowi…

High

CVE-2024-13888

The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This i…