The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2844200%40youtube-channel&new=2844200%40youtube-channel&sfp_email=&sfph_mail= | Patch Third Party Advisory |
https://www.wordfence.com/threat-intel/vulnerabilities/id/d979f899-8cdc-4230-b1b5-865c025dc86a | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 04:00
Type | Values Removed | Values Added |
---|---|---|
CWE |
01 Feb 2023, 14:04
Type | Values Removed | Values Added |
---|---|---|
First Time |
My Youtube Channel Project
My Youtube Channel Project my Youtube Channel |
|
CPE | cpe:2.3:a:my_youtube_channel_project:my_youtube_channel:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/d979f899-8cdc-4230-b1b5-865c025dc86a - Third Party Advisory | |
References | (MISC) https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2844200%40youtube-channel&new=2844200%40youtube-channel&sfp_email=&sfph_mail= - Patch, Third Party Advisory |
23 Jan 2023, 17:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-23 17:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-0446
Mitre link : CVE-2023-0446
CVE.ORG link : CVE-2023-0446
JSON object : View
Products Affected
my_youtube_channel_project
- my_youtube_channel
CWE
No CWE.