Lucene search

K
patchstackIstván MártonPATCHSTACK:6A9E52699518E0299B538B7737D0439E
HistoryJan 16, 2023 - 12:00 a.m.

WordPress YourChannel: Everything you want in a YouTube Plugin < 1.2.2 is vulnerable to Cross Site Scripting (XSS)

2023-01-1600:00:00
István Márton
patchstack.com
2
wordpress
yourchannel
cross site scripting
xss
vulnerable
patched
cve-2023-0282
high priority

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.7

Confidence

High

Software

YourChannel: Everything you want in a YouTube

Type

Plugin

Vulnerable versions

< 1.2.2

Fixed in

1.2.2

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Classification

Cross Site Scripting (XSS)

CVE

CVE-2023-0282

Patch priority

High

CVSS severity

High (6.5)

Developer

Claim ownership

PSID

bf43a58f39a3

Credits

István Márton István Márton

Required privilege

Subscriber

Published

16 January, 2023

Vulnerability details

Remove and replace plugin Expand full details Have additional information or questions about this entry? Let us know.

Solution

We advise to mitigate or resolve the vulnerability immediately.

Affected configurations

Vulners
Node
plugin_buildersyourchannel\Match_everything_you_want_in_a_youtube
VendorProductVersionCPE
plugin_buildersyourchannel\_everything_you_want_in_a_youtubecpe:2.3:a:plugin_builders:yourchannel\:_everything_you_want_in_a_youtube:*:*:*:*:*:*:*:*

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.7

Confidence

High

Related for PATCHSTACK:6A9E52699518E0299B538B7737D0439E