10 matches found
CVE-2025-11811
The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedyoutube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...
CVE-2025-11811
The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedyoutube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...
CVE-2025-11811
CVE-2025-11811 covers the WordPress plugin Simple Youtube Shortcode . The vulnerability is a Stored XSS in the shortcode param embed_youtube, caused by insufficient input sanitization and output escaping on the id attribute in versions up to and including 1.1.3. An attacker with contributor+ priv...
CVE-2025-11811 Simple Youtube Shortcode <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedyoutube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...
EUVD-2021-11307
Malware in sbrugna...
CVE-2021-24395
The editid GET parameter of the Embed Youtube Video WordPress plugin through 1.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
WordPress SQL Injection Vulnerability (CNVD-2021-70738)
WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin Embed Youtube Video 1.0 and earlier versions are vulnerable to SQL injection, which...
CVE-2021-24395
The editid GET parameter of the Embed Youtube Video WordPress plugin through 1.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
CVE-2021-24395
The CVE-2021-24395 entry describes an SQL injection in the WordPress plugin “Embed Youtube Video” (<= 1.0) caused by the editid GET parameter being unsanitized, escaped, or validated before SQL statement insertion. Affected software: WordPress plugin Embed Youtube Video, version
WordPress 插件 SQL注入漏洞
WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin Embed Youtube Video 1.0 and earlier versions are vulnerable to SQL injection, which...