Yourchannel Security Vulnerabilities and Issues — Yourchannel CVE List

Lucene search

PluginYourchannel

9 matches found

CVE•added 2023/02/06 8:15 p.m.•58 views

CVE-2022-4833

The YourChannel: Everything you want in a YouTube plugin WordPress plugin before 1.2.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks whic...

5.4CVSS5.3AI score0.00329EPSS

CVE•added 2023/04/05 2:15 p.m.•58 views

CVE-2023-1865

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrc_nuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels fr...

6.5CVSS6.5AI score0.00136EPSS

CVE•added 2023/04/05 2:15 p.m.•55 views

CVE-2023-1867

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged requ...

5.4CVSS4.5AI score0.00064EPSS

CVE•added 2023/04/05 2:15 p.m.•53 views

CVE-2023-1869

The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and abov...

5.5CVSS6.2AI score0.00083EPSS

CVE•added 2023/04/05 2:15 p.m.•48 views

CVE-2023-1868

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's ...

6.5CVSS6.1AI score0.00133EPSS

CVE•added 2023/02/06 8:15 p.m.•45 views

CVE-2023-0282

The YourChannel WordPress plugin before 1.2.2 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.

5.4CVSS5.2AI score0.00236EPSS

CVE•added 2023/04/05 2:15 p.m.•44 views

CVE-2023-1866

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the clearKeys function. This makes it possible for unauthenticated attackers to reset the plugin's channel settings via a...

5.4CVSS4.5AI score0.00057EPSS

CVE•added 2023/04/05 2:15 p.m.•44 views

CVE-2023-1870

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the saveLang function. This makes it possible for unauthenticated attackers to change the plugin's quick language transla...

4.3CVSS4.5AI score0.0009EPSS

CVE•added 2023/04/05 2:15 p.m.•39 views

CVE-2023-1871

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the deleteLang function. This makes it possible for unauthenticated attackers to reset the plugin's quick language transl...

5.4CVSS4.5AI score0.0009EPSS