CVE-2024-11354 Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Playlist/Video Deletion

The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delytsingvid function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with...

WordPress Ultimate YouTube Video & Shorts Player With Vimeo plugin <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Playlist/Video Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Playlist/Video Deletion vulnerability discovered by Mika in WordPress Plugin Ultimate YouTube Video & Shorts Player With Vimeo versions = 3.3...

WordPress GamiPress – Vimeo integration Plugin < 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Software GamiPress – Vimeo integration Type Plugin Vulnerable versions 1.0.9 Fixed in 1.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0154 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID eece071753de Credits Lana...