mediaelementjs mediaelement.js CVE Vulnerabilities (3)

CVEs: 3 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting mediaelementjs mediaelement.js (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

CVE	Summary	Source	Max CVSS	EPSS %	Published	Updated
CVE-2022-4699	The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins.	[email protected]	5.4	0.53%	2023-01-30	2025-04-21
CVE-2016-4567	Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."	[email protected]	6.1	6.40%	2016-05-22	2026-05-06
CVE-2013-1967	Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.	[email protected]	4.3	2.21%	2014-02-05	2026-04-29

cvelogic Threat Intelligence