4 matches found
CVE-2024-6256
The Feeds for YouTube YouTube video, channel, and gallery plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied...
CVE-2023-4841
The Feeds for YouTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wit...
CVE-2024-6256
CVE-2024-6256 affects the WordPress plugin Feeds for YouTube (YouTube video, channel, and gallery). The issue is a Stored XSS in the youtube-feed shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes, exploitable by authenticated attackers with contri...
PT-2024-37488 · WordPress · Feeds For Youtube
Name of the Vulnerable Software and Affected Versions: The Feeds for YouTube plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode due to insufficient input sanitization and output...