Description

Youtube Vimeo Video Player and Slider WP Plugin 3.8

✅ Key Features

• Supports embedding YouTube & Vimeo videos directly. (CodeCanyon)
• Customizable color schemes / skins etc., so the player/slider can fit your site’s design. (CodeCanyon)
• Option to automatically fetch video thumbnail, title, description from the video source (YouTube/Vimeo) to populate the slider. (CodeCanyon)

⚠️ Vulnerability / Security Issues

• The plugin up to version 3.8 (including 3.8) has a Reflected Cross-Site Scripting (XSS) vulnerability. (Wordfence)
• Identified in CVE-2025-48159. (Tenable®)
• Severity is considered High. (Tenable®)

🔧 What to Do / Precautions

• ✅ Update the plugin: If there is a newer version than 3.8 that has patched this vulnerability, update to that version immediately. (Tenable®)
• 🔐 Sanitize input: Make sure any video URLs, titles, descriptions passed or displayed are properly sanitized / escaped.
• 🔍 Limit who can upload or configure: Only trusted users (admins) should be allowed to place video embeds or change slider settings. Avoid letting untrusted users inject content.
• 🛡 Use Web Application Firewall (WAF) or Security Plugin: Use tools that detect or block XSS attack patterns.
• 💾 Backup your site & data before performing updates.