4 matches found
CVE-2023-4841
The Feeds for YouTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wit...
CVE-2023-4841 Feeds for YouTube <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Feeds for YouTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wit...
CVE-2023-4841
CVE-2023-4841 affects the Feeds for YouTube for WordPress plugin. Vulnerable in versions up to 2.1 due to insufficient input sanitization/output escaping in the youtube-feed shortcode, allowing authenticated users with contributor+ rights to inject XSS. Remediation: update to version 2.1.2 (patch...
WordPress Feeds for YouTube Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software Feeds for YouTube Type Plugin Vulnerable versions = 2.1 Fixed in 2.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4841 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9fd258b26a01 Credits Lana Codes Required...