WordPress Feeds for YouTube Pro plugin <= 2.6.0 - Unauthenticated Arbitrary File Read via Path Traversal vulnerability

Unauthenticated Arbitrary File Read via Path Traversal vulnerability discovered by LionTree in WordPress Plugin YouTube Feed Pro versions = 2.6.0...

CVE-2025-64635 WordPress Feeds for YouTube plugin <= 2.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Feeds for YouTube: from n/a through = 2.4.0...

PT-2025-51406

Name of the Vulnerable Software and Affected Versions Syed Balkhi Feeds for YouTube versions through 2.4.0 Description An authorization issue exists in Syed Balkhi Feeds for YouTube that allows exploitation of incorrectly configured access control security levels. Recommendations Update Syed Balk...

EUVD-2024-47379

Malicious code in bioql PyPI...

CVE-2024-6256 Feeds for YouTube (YouTube video, channel, and gallery plugin) <= 2.2.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Feeds for YouTube YouTube video, channel, and gallery plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied...