4 matches found
WordPress StreamWeasels YouTube Integration plugin <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gai Tanaka in WordPress Plugin StreamWeasels YouTube Integration versions = 1.4.0...
CVE-2025-7811
creationtimestamp| type| source ---|---|--- 2025-07-29 07:05:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lv3k6xwna72h...
CVE-2025-7811
The CVE-2025-7811 is for the WordPress plugin StreamWeasels YouTube Integration. It is a Stored Cross-Site Scripting (XSS) vulnerability via the data-uuid attribute in all versions up to 1.4.0, exploitable by authenticated attackers with contributor-level access and above. The impact is that arbi...
CVE-2025-7811 StreamWeasels YouTube Integration <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...