DO NOT USE! Cross-site Scripting (XSS) in this plugin
-
A cross-site scripting vulnerability was found in MediaElement.jsin versions <=2.11.1. See https://www.cvedetails.com/cve/CVE-2013-1967/
The last update to this plugin was in January 2013, and the security fix for MediaElement.js was put into place in April 2013.
DO NOT USE this plugin unless it is updated. I just had my client’s site severely hacked and this was the weak point.
https://www.ads-software.com/plugins/media-element-html5-video-and-audio-player/
Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
- The topic ‘DO NOT USE! Cross-site Scripting (XSS) in this plugin’ is closed to new replies.
