Lucene search

K

Youtube Security Vulnerabilities

cve
cve

CVE-2024-4551

The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and...

6.4CVSS

6.8AI Score

EPSS

2024-06-15 09:15 AM
3
cve
cve

CVE-2024-4258

The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...

9.8CVSS

9.8AI Score

EPSS

2024-06-15 09:15 AM
5
cve
cve

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-13 09:15 AM
10
cve
cve

CVE-2024-5571

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and...

6.4CVSS

6AI Score

0.001EPSS

2024-06-05 09:15 AM
24
cve
cve

CVE-2024-3937

The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.6AI Score

0.0004EPSS

2024-05-29 06:18 AM
23
cve
cve

CVE-2024-1803

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block in all versions...

4.3CVSS

6.4AI Score

0.0004EPSS

2024-05-23 01:15 PM
55
cve
cve

CVE-2024-3268

The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it.....

5.3CVSS

6.6AI Score

0.0005EPSS

2024-05-21 12:15 PM
29
cve
cve

CVE-2024-4316

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to insufficient input.....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-14 03:43 PM
3
cve
cve

CVE-2024-34377

Missing Authorization vulnerability in A WP Life Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery.This issue affects Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery: from n/a through...

4.3CVSS

6.8AI Score

0.0004EPSS

2024-05-06 07:15 PM
33
cve
cve

CVE-2024-2663

The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.6 via the $_GET['image'] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web...

8.3CVSS

6.6AI Score

0.0005EPSS

2024-04-30 09:15 AM
26
cve
cve

CVE-2024-32596

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric-Oliver Mächler DSGVO Youtube allows Stored XSS.This issue affects DSGVO Youtube: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-04-18 09:15 AM
37
cve
cve

CVE-2023-6805

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetch_feed functionality. This makes it possible for authenticated attackers,....

6.4CVSS

6.4AI Score

0.0004EPSS

2024-04-17 01:15 PM
30
cve
cve

CVE-2024-3244

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_calendar' shortcode in all versions up to, and including, 3.9.14.....

6.4CVSS

7.6AI Score

0.0004EPSS

2024-04-09 07:15 PM
22
cve
cve

CVE-2023-6877

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on....

6.4CVSS

6.1AI Score

0.0004EPSS

2024-04-07 02:15 AM
36
cve
cve

CVE-2024-3245

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due to...

6.4CVSS

7.6AI Score

0.0004EPSS

2024-04-06 03:15 AM
27
cve
cve

CVE-2024-2688

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to...

5.4CVSS

7.6AI Score

0.0004EPSS

2024-03-23 03:15 AM
32
cve
cve

CVE-2024-2468

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpress_pro_twitch_theme ' attribute in all versions up to, and.....

6.4CVSS

7.6AI Score

0.0004EPSS

2024-03-23 03:15 AM
32
cve
cve

CVE-2024-1802

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to...

6.4CVSS

6AI Score

0.0004EPSS

2024-03-07 09:15 PM
28
cve
cve

CVE-2024-2128

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficient....

6.4CVSS

6AI Score

0.0004EPSS

2024-03-07 08:15 PM
25
cve
cve

CVE-2024-1425

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input.....

6.4CVSS

6AI Score

0.0004EPSS

2024-02-29 01:43 AM
37
cve
cve

CVE-2024-1349

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to insufficient input...

6.4CVSS

6AI Score

0.0004EPSS

2024-02-29 01:43 AM
43
cve
cve

CVE-2024-1318

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzy_wizard_step_process' and 'import_status' functions in all versions up to, and...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-02-29 01:43 AM
43
cve
cve

CVE-2024-1317

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘search_key’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of...

8.8CVSS

8.6AI Score

0.0004EPSS

2024-02-29 01:43 AM
54
cve
cve

CVE-2024-1092

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for...

4.3CVSS

5.2AI Score

0.0004EPSS

2024-02-05 10:16 PM
12
cve
cve

CVE-2023-6801

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes...

6.4CVSS

5.2AI Score

0.0004EPSS

2024-01-06 10:15 AM
15
cve
cve

CVE-2023-6798

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for...

5.4CVSS

5.5AI Score

0.0004EPSS

2024-01-06 10:15 AM
15
cve
cve

CVE-2023-6986

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient...

6.4CVSS

5.2AI Score

0.001EPSS

2024-01-03 07:15 AM
18
cve
cve

CVE-2023-49180

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS.This issue affects Automatic Youtube Video Posts Plugin: from n/a through...

5.9CVSS

5.4AI Score

0.0004EPSS

2023-12-15 03:15 PM
41
cve
cve

CVE-2023-48281

Cross-Site Request Forgery (CSRF) vulnerability in Super Blog Me Broken Link Checker for YouTube allows Cross Site Request Forgery.This issue affects Broken Link Checker for YouTube: from n/a through...

8.8CVSS

8.7AI Score

0.001EPSS

2023-11-30 02:15 PM
43
cve
cve

CVE-2023-25987

Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar Urošević My YouTube Channel plugin <= 3.23.3...

8.8CVSS

8.7AI Score

0.001EPSS

2023-11-22 06:15 PM
14
cve
cve

CVE-2023-47688

Cross-Site Request Forgery (CSRF) vulnerability in Alexufo Youtube SpeedLoad plugin <= 0.6.3...

8.8CVSS

8.8AI Score

0.001EPSS

2023-11-16 10:15 PM
54
cve
cve

CVE-2023-45069

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through...

9.8CVSS

9.8AI Score

0.001EPSS

2023-11-06 09:15 AM
48
cve
cve

CVE-2020-36758

The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update...

4.3CVSS

4.2AI Score

0.001EPSS

2023-10-20 08:15 AM
18
cve
cve

CVE-2023-45049

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.7...

6.5CVSS

5.2AI Score

0.0004EPSS

2023-10-18 08:15 AM
23
cve
cve

CVE-2023-45653

Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Video Playlist For YouTube plugin <= 6.0...

8.8CVSS

8.8AI Score

0.001EPSS

2023-10-16 09:15 AM
31
cve
cve

CVE-2023-40558

Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5...

8.8CVSS

8.8AI Score

0.001EPSS

2023-10-03 02:15 PM
22
cve
cve

CVE-2023-5063

The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS

5.2AI Score

0.001EPSS

2023-09-20 03:15 AM
36
cve
cve

CVE-2023-4841

The Feeds for YouTube for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

6.4CVSS

5.3AI Score

0.001EPSS

2023-09-14 03:15 AM
24
cve
cve

CVE-2023-28693

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Balasaheb Bhise Advanced Youtube Channel Pagination plugin <= 1.0...

7.1CVSS

6AI Score

0.0005EPSS

2023-08-17 03:15 PM
17
cve
cve

CVE-2023-4282

The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or.....

5.4CVSS

4.6AI Score

0.001EPSS

2023-08-10 12:15 PM
15
cve
cve

CVE-2023-4283

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS

5.2AI Score

0.001EPSS

2023-08-10 12:15 PM
14
cve
cve

CVE-2023-25475

Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Smart YouTube PRO plugin <= 4.3...

8.8CVSS

8.7AI Score

0.001EPSS

2023-07-18 12:15 PM
16
cve
cve

CVE-2023-35934

yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host....

8.2CVSS

8AI Score

0.001EPSS

2023-07-06 08:15 PM
30
cve
cve

CVE-2023-3371

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to...

7.5CVSS

7.6AI Score

0.001EPSS

2023-06-27 02:15 AM
14
cve
cve

CVE-2023-33931

Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.4...

8.8CVSS

9.1AI Score

0.001EPSS

2023-05-28 06:15 PM
17
cve
cve

CVE-2023-23797

Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin <= 1.0.3...

8.8CVSS

8.7AI Score

0.001EPSS

2023-05-22 11:15 AM
17
cve
cve

CVE-2023-25982

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Eirudo Simple YouTube Responsive plugin <= 2.5...

6.5CVSS

5.2AI Score

0.0005EPSS

2023-05-04 08:15 PM
13
cve
cve

CVE-2023-24002

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3...

5.9CVSS

4.8AI Score

0.001EPSS

2023-04-06 09:15 AM
20
cve
cve

CVE-2023-1868

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's....

6.5CVSS

6.1AI Score

0.001EPSS

2023-04-05 02:15 PM
35
cve
cve

CVE-2023-1866

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the clearKeys function. This makes it possible for unauthenticated attackers to reset the plugin's channel settings via.....

5.4CVSS

4.5AI Score

0.001EPSS

2023-04-05 02:15 PM
17
Total number of security vulnerabilities95