Tarteaucitron.Io

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-4955 MEDIUM POC PATCH This Month

The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.

WordPress XSS Tarteaucitron.Io PHP

NVD WPScan

CVSS 3.1

4.7

EPSS

0.1%

CVE-2025-4955

EPSS 0% CVSS 4.7

MEDIUM POC PATCH This Month

The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.

WordPress XSS Tarteaucitron.Io +1

NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy