YouTube Embed <= 11.8.1 – Cross-Site Request Forgery (CSRF) | CVE 2017-1000224

Affects Plugins

youtube-embed-plus

Fixed in 11.8.2

References

CVE

CVE-2017-1000224

URL

https://advisories.dxw.com/advisories/csrf-in-youtube-plugin/

URL

https://seclists.org/fulldisclosure/2017/Jul/64

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

6.5 (medium)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

ae5471d7-d252-4101-a3d0-8e4d134e704d

Timeline

Publicly Published

2017-07-25 (about 8 years ago)

Added

2017-07-28 (about 8 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2024-04-11

Title

Siteimprove < 2.0.7 - Cross-Site Request Forgery

Published

2022-09-01

Title

Captcha Code < 2.8 - Settings Update via CSRF

Published

2024-12-12

Title

Wp Login with Ajax <= 0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2025-06-05

Title

Bitly URL Shortener < 1.5.0 - Cross-Site Request Forgery

Published

2024-08-23

Title

Favicon Generator < 2.1 - Cross-Site Request Forgery to Arbitrary File Deletion