CVE-2026-1631 Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

PT-2026-41635

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

CVE-2026-1825

The Show YouTube video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'syv' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

EUVD-2026-10135

The Show YouTube video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'syv' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-45653

Cross-Site Request Forgery CSRF vulnerability in Galaxy Weblinks Video Playlist For YouTube plugin = 6.0 versions...

EUVD-2017-1493

Malware in sbrugna...

EUVD-2023-49944

Malicious code in bioql PyPI...

EUVD-2023-57405

Malicious code in bioql PyPI...

EUVD-2023-54682

Malicious code in bioql PyPI...

EUVD-2022-46638

Malicious code in bioql PyPI...

EUVD-2024-33780

Malicious code in bioql PyPI...

CVE-2025-52802

Missing Authorization vulnerability in enguerranws Import YouTube videos as WP Posts import-youtube-videos-as-wp-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import YouTube videos as WP Posts: from n/a through = 2.1...

CVE-2021-24414

The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode...

CVE-2017-1000224

CSRF in YouTube WordPress plugin could allow unauthenticated attacker to change any setting within the plugin...

CVE-2022-43642

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the YouTube plugin for the xupnpd service, which listens on TC...

CVE-2024-11355 Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Setting Exposure

The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getsetting function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2024-11354 Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Playlist/Video Deletion

The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delytsingvid function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with...

WordPress Feeds for YouTube Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Feeds for YouTube Type Plugin Vulnerable versions = 2.2.1 Fixed in 2.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6256 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cb0b7eea4059 Credits Webbernaut Required...

WordPress Playlist for Youtube Plugin <= 1.32 is vulnerable to Cross Site Scripting (XSS)

Software Playlist for Youtube Type Plugin Vulnerable versions = 1.32 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3937 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ac237d034628 Credits Erdemstar Required...

WordPress Plugin DSGVO Youtube 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...