CVE-2022-4833

Summary: CVE-2022-4833 affects the YourChannel WordPress plugin (pre-1.2.3). The vulnerability stems from not validating/escaping shortcode attributes before output, enabling a stored XSS via shortcodes by users with as little as Contributor privileges, potentially impacting admins and other high...

CVE-2023-0282

The CVE-2023-0282 entry concerns the YourChannel WordPress plugin prior to version 1.2.2, where not sanitizing/escaping certain parameters enables Cross-Site Scripting by users with Subscriber privileges. The vulnerability affects the plugin before 1.2.2 and can be mitigated by upgrading to versi...