CVE-2022-1334 WP YouTube Live < 1.8.3 - Admin+ Stored Cross Site Scripting

2022-05-1614:30:47

CWE-79

WPScan

www.cve.org

cve-2022-1334

wordpress

plugin

admin

cross site scripting

EPSS

0.001

Percentile

24.8%

JSON

The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

CNA Affected

[
  {
    "product": "WP YouTube Live",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.8.3",
        "status": "affected",
        "version": "1.8.3",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/af3b32c9-f386-4bb6-a362-86a27f49a739

EPSS

0.001

Percentile

24.8%

JSON

Related for CVELIST:CVE-2022-1334