4 matches found
CVE-2025-12002
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...
CVE-2025-12002
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...
EUVD-2026-3158
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...
PT-2026-3336
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sby check wp submit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it...