WordPress Plugin Vulnerabilities

YouTube Playlist Player < 4.6.8 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
youtube-playlist-player
Fixed in 4.6.8

References

CVE
CVE-2023-45049

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
yuyudhn
Verified
No
WPVDB ID
891016ac-15fd-4d4d-985f-b0e5ae24863d

Timeline

Publicly Published
2023-10-18 (about 2 years ago)
Added
2023-10-18 (about 2 years ago)
Last Updated
2023-10-18 (about 2 years ago)

Other

Published
Title
Published
2017-05-01
Title
Dave's WordPress Live Search <= 4.5 - Reflected Cross-Site Scripting (XSS)
Published
2025-12-31
Title
Logo Slider , Logo Carousel , Logo showcase , Client Logo <= 1.8.1 - Authenticated (Editor+) Stored Cross-Site Scripting
Published
2017-03-01
Title
Gwolle Guestbook <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting (XSS)
Published
2026-02-18
Title
Drift <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title
Published
2024-11-18
Title
WooCommerce Price Alert <= 1.0.4 - Reflected Cross-Site Scripting