CVE-2022-4833

Summary: CVE-2022-4833 affects the YourChannel WordPress plugin (pre-1.2.3). The vulnerability stems from not validating/escaping shortcode attributes before output, enabling a stored XSS via shortcodes by users with as little as Contributor privileges, potentially impacting admins and other high...

CVE-2023-1865

CVE-2023-1865 affects YourChannel for WordPress up to version 1.2.3. It is due to a missing capability check when resetting plugin settings via the yrc_nuke GET parameter, enabling unauthenticated attackers to delete YouTube channels from the plugin. Impact: unauthorized data loss (LOW/LOW in CVS...

CVE-2023-1869

CVE-2023-1869 affects the YourChannel WordPress plugin. It is a Stored Cross-Site Scripting vulnerability in admin settings for versions up to 1.2.5, exploitable by authenticated users with administrative-level permissions (and higher) on multisite installations or where unfiltered_html is disabl...

CVE-2023-1867

CVE-2023-1867 affects the YourChannel WordPress plugin (versions

CVE-2023-0282

The CVE-2023-0282 entry concerns the YourChannel WordPress plugin prior to version 1.2.2, where not sanitizing/escaping certain parameters enables Cross-Site Scripting by users with Subscriber privileges. The vulnerability affects the plugin before 1.2.2 and can be mitigated by upgrading to versi...

CVE-2023-1868

CVE-2023-1868 affects the YourChannel WordPress plugin (versions

CVE-2023-1870

The CVE refers to CVE-2023-1870 affecting YourChannel for WordPress (

CVE-2023-1866

CVE-2023-1866 concerns the YourChannel WordPress plugin (

CVE-2023-1871

CVE-2023-1871 refers to the YourChannel WordPress plugin (