CVE-2025-68599

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through = 5.4...

EUVD-2025-205236

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through = 5.4...

CVE-2025-68599 WordPress YouTube Embed plugin <= 5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through = 5.4...

PT-2025-53287

Name of the Vulnerable Software and Affected Versions Embeds For YouTube Plugin Support YouTube Embed versions through 5.4 Description The YouTube Embed plugin contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting XSS condition. This allo...

EUVD-2021-11383

Malware in sbrugna...

EUVD-2021-11376

Malware in sbrugna...

EUVD-2025-22980

Malicious code in bioql PyPI...

EUVD-2025-10653

Malicious code in bioql PyPI...

CVE-2025-6692

The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘instance’ parameter in all versions up to, and including, 10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-6692

The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘instance’ parameter in all versions up to, and including, 10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-6692 YouTube Embed <= 10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via instance Parameter

The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘instance’ parameter in all versions up to, and including, 10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-6692

Summary of CVE-2025-6692 (YouTube Embed – WordPress) The vulnerability affects the YouTube Embed plugin for WordPress (versions up to and including 10.3). It is a Stored Cross-Site Scripting (Stored XSS) flaw in the handling of the “instance” parameter, caused by insufficient input sanitization a...

PT-2025-31184 · WordPress · Youtube Embed

Name of the Vulnerable Software and Affected Versions: YouTube Embed plugin for WordPress versions prior to 10.4 Description: The YouTube Embed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the instance parameter. Insufficient input sanitization and output escaping...

CVE-2025-31008

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through = 5.3.1...

CVE-2025-31008

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through = 5.3.1...

CVE-2025-31008

CVE-2025-31008 is an authenticated, stored XSS affecting the YouTube embeds for WordPress plugin (Embeds for YouTube). Public details in Wordfence indicate an authenticated (Admin+) Stored Cross-Site Scripting vulnerability in Embeds for YouTube, with affected range including version up to 5.3.1....

PT-2025-15724 · Unknown · Youtube Embed

Name of the Vulnerable Software and Affected Versions: YouTube Embed versions n/a through 5.3.1 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting XSS. Specifically, it is a Stored XSS vulnerability in the YouTube...

WordPress plugin YouTube Embed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Lightweight and Responsive Youtube Embed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2021-24464

The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin before 2.3.9 did not escape, validate or sanitise some of its shortcode options, available to users with a role as low as Contributor, leading to an authenticated Stored Cross-Site Scripting issue...