- Description
- The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Source
- contact@wpscan.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 3.5
- Impact score
- 2.5
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
- Severity
- LOW
- nvd@nist.gov
- CWE-79
- Hype score
- Not currently trending
🚨 Critical Fedora 42 vulnerability alert! CVE-2025-0692dfc833 in Perl-FCGI allows RCE 🔧 Patch NOW: sudo dnf upgrade perl-FCGI 📊 Enterprise impact analysis → Read more: 👇https://t.co/CtMKSNp89u #LinuxSecurity #SysAdmin https://t.co/QYk39Xdhmr
@Cezar_H_Linux
6 Jun 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0692 Stored XSS in Simple Video Management System WordPress Plu... https://t.co/O5n9GiiNo8 Don't wait vulnerability scanning results: https://t.co/oh1APvMMnd
@VulmonFeeds
13 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:maximize:simple_video_management_system:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "E4F87B60-AD1E-4476-83B5-5E19D910A216",
"versionEndIncluding": "1.0.4"
}
],
"operator": "OR"
}
]
}
]