Oembed
1 CVEs
product
Monthly
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Oembed
NVD
GitHub
CVSS 3.0
9.8
EPSS
1.8%
EPSS 2%
CVSS 9.8
CRITICAL
PATCH
Act Now
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Oembed
NVD
GitHub