Thanks for reply. I’m sorry for all this mess, but I can’t figure out who is responsible for fixing this.
On kaltura site I’ve found ‘contact us’ and send them a message, but kaltura looks like a big portal and wordpress plugin is only one of 1000 things they are baking.
This who use this plugin must be warned because it is a serious security hole. The injected javascript can be hidden in innocent-looking post and do nasty things as account hijacking (via cookie stealing), removing articles/posts (via calling delete actions when triggered by logged admin), posting spam as registered user/admin, screwing site look (by manipulating DOM) etc. Comment moderation is no help, you should disable this plugin.
