Cincopa Video And Media Plug In
Monthly
Stored cross-site scripting in the Cincopa video and media plug-in for WordPress (versions ≤1.163) allows unauthenticated commenters to inject persistent JavaScript via the [cincopa] shortcode processed by the comment_text filter. Any visitor or administrator viewing the affected post executes the attacker's script in their browser session. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Stored cross-site scripting in the Cincopa video and media plug-in for WordPress (versions ≤1.163) allows unauthenticated commenters to inject persistent JavaScript via the [cincopa] shortcode processed by the comment_text filter. Any visitor or administrator viewing the affected post executes the attacker's script in their browser session. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.