Sunil Nanda Blue Wrench Video Widget vulnerabilities
2 known vulnerabilities affecting sunil_nanda/blue_wrench_video_widget.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2013-6797P3MEDIUMCVSS 6.8PoC≤ 1.0.5v1.0.0+4 more2013-11-19
CVE-2013-6797 [MEDIUM] CWE-352 CVE-2013-6797: Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Vi
Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding
nvd
CVE-2025-23809P4HIGHCVSS 7.1≤ 2.1.02025-01-22
CVE-2025-23809 [HIGH] CWE-79 CVE-2025-23809: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sunil Nanda Blue Wrench Video Widget blue-wrench-videos-widget allows Reflected XSS.This issue affects Blue Wrench Video Widget: from n/a through <= 2.1.0.
nvd