Lucene search
K

4 matches found

NVD
NVD
added 2023/09/14 3:15 a.m.25 views

CVE-2023-4841

The Feeds for YouTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wit...

6.4CVSS5.7AI score0.00469EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/09/14 2:29 a.m.7 views

CVE-2023-4841 Feeds for YouTube <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Feeds for YouTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wit...

6.4CVSS6.8AI score0.00469EPSS
Exploits1References3
CVE
CVE
added 2023/09/14 2:29 a.m.53 views

CVE-2023-4841

CVE-2023-4841 affects the Feeds for YouTube for WordPress plugin. Vulnerable in versions up to 2.1 due to insufficient input sanitization/output escaping in the youtube-feed shortcode, allowing authenticated users with contributor+ rights to inject XSS. Remediation: update to version 2.1.2 (patch...

6.4CVSS6.8AI score0.00469EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2023/09/14 12:0 a.m.16 views

WordPress Feeds for YouTube Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)

Software Feeds for YouTube Type Plugin Vulnerable versions = 2.1 Fixed in 2.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4841 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9fd258b26a01 Credits Lana Codes Required...

6.4CVSS6AI score0.00469EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder