3 matches found
CVE-2022-1334
The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-1334 WP YouTube Live < 1.8.3 - Admin+ Stored Cross Site Scripting
The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-1334
The CVE-2022-1334 entry concerns the WordPress WP YouTube Live plugin (versions before 1.8.3). The vulnerability stems from insufficient validation, sanitization, and escaping of multiple settings, enabling Cross-Site Scripting (XSS) by high-privilege users (e.g., admins), even when unfiltered_ht...