WordPress Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability

CVE	CVE-2025-48170
State	PUBLISHED
Assigner	Patchstack
Source Priority	CVE Program / NVD first with legacy fallback
Published	2025-08-20 08:15:33 UTC
Updated	2026-04-01 17:24:30 UTC
Description	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder lbg-universal-video-player-addon-visual-composer allows Reflected XSS.This issue affects Universal Video Player - Addon for WPBakery Page Builder: from n/a through <= 3.2.1.

Problem Types: CWE-79 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Source	Vendor	Product	Version	Platforms
CNA	LambertGroup	Universal Video Player - Addon For WPBakery Page Builder	affected 3.2.1 custom	Not specified

Reference	Source	Link	Tags
patchstack.com/database/Wordpress/Plugin/lbg-universal-video-player-addon-vi...	[email protected]	patchstack.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

CNA: João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program (en)

There are currently no legacy QID mappings associated with this CVE.