CVE-2022-50949

WordPress Plugin Videos sync PDF 1.7.4 Stored XSS

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers through the plugin options panel to execute arbitrary JavaScript when administrators view or edit video settings.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected products

A-J-Evolution · Videos sync PDF

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/50874unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/50874 https://www.vulncheck.com/advisories/wordpress-plugin-videos-sync-pdf-stored-xss http://www.a-j-evolution.com/