Cross site request forgery (csrf)

2021-08-0521:15:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.3%

JSON

The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Request Forgery via the printAdminPage function found in the ~/youtube-feeder.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.1.

CPENameOperatorVersion
youtube_feederle2.0.1

CPE	Name	Operator	Version
	youtube_feeder	le	2.0.1

References

plugins.trac.wordpress.org/browser/youtube-feeder/trunk/youtube-feeder.php

www.wordfence.com/vulnerability-advisories/