The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wphowto | flowplayer_video_player | * |
The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wphowto | videojs_html5_player | * |