MEDIUM
esiteq
CVE published 2026-05-27
CVE-2026-8877
A stored cross-site scripting (XSS) vulnerability exists in the Responsive Video Embedder WordPress plugin, affecting versions up to and including 0.1. The flaw resides in the plugin's `video_shortcode()` function, which fails to sanitize or escape user-supplied attributes—specifically the 'id' and 'list' parameters—before concatenating them into an HTML iframe's src attribute. This allows authenticated a [truncated]