What the vulnerability does
01Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players video-playlist-and-gallery-plugin allows Retrieve Embedded Sensitive Data.This issue affects Post Video Players: from n/a through <= 1.163.
Explanation of Vulnerability in Simple Terms
02Summary
Post Video Players versions 1.163 and earlier contain an exposure of sensitive information vulnerability. An authenticated user with low privileges can read data not intended for them through the application. The vulnerability requires network access but no user interaction. Update to a version newer than 1.163 to remediate.
What an attacker can do
03Attacker Capabilities
Read sensitive data not intended for their access level.
Potential impact on your site
04Site Impact
Authenticated users can access confidential information beyond their permission level.
Conditions required to exploit
05Prerequisites
Attacker must be authenticated with low-level user privileges and have network access.
Key dates
06Disclosure timeline
December 31, 2025
CVE published
April 28, 2026
Record updated