汇总 s3bubble 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 跨站脚本与路径处理缺陷 等问题,部分漏洞可能导致 会话劫持,并影响 生产负载与软件部署 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2024-13865 | The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. | [email protected] | 6.1 | 0.27% | 2025-05-15 | 2026-06-17 |
| CVE-2024-13862 | The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | [email protected] | 7.1 | 0.25% | 2025-03-11 | 2026-06-17 |
| CVE-2015-9463 | The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. | [email protected] | 7.5 | 4.13% | 2019-10-10 | 2026-06-16 |
| CVE-2015-9464 | The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. | [email protected] | 7.5 | 3.72% | 2019-10-10 | 2026-06-16 |