CVE-2025-9203 in Media Player Addons for Elementor PluginИнформация

Сводка

по MITRE • 17.09.2025

The Media Player Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtitle_ssize', 'track_title', and 'track_artist_name' parameters in version 1.0.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Раскрытие

17.09.2025

Модерация

принято

Вход

VDB-324583

EPSS

0.00231

KEV

Нет

Деятельности

Очень низкий

Источники

Might our Artificial Intelligence support you?

Check our Alexa App!