WordPress Plugin Vulnerabilities

YouTube Embed < 3.3.3 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The YouTube Embed WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
youtube-embed
Fixed in 3.3.3

References

CVE
CVE-2015-6535
URL
https://packetstormsecurity.com/files/#133340/
URL
https://seclists.org/bugtraq/2015/Aug/146
URL
https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_youtube_embed_xss_scanner.rb

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
fdf636dc-caf2-4433-9be1-22fa5ad8f5c2

Timeline

Publicly Published
2015-08-26 (about 10 years ago)
Added
2015-08-26 (about 10 years ago)
Last Updated
2021-07-02 (about 4 years ago)

Other

Published
Title
Published
2015-04-20
Title
Ninja Forms <= 2.9.10 - Cross-Site Scripting (XSS)
Published
2024-09-30
Title
BA Book Everything < 1.6.21 - Reflected Cross-Site Scripting
Published
2023-10-18
Title
WP Simple HTML Sitemap < 2.6 - Contributor+ Stored XSS
Published
2022-11-03
Title
Beautiful Cookie Consent Banner < 2.9.1 - Admin+ Stored XSS
Published
2022-01-19
Title
Shield Security < 13.0.6 - Admin+ Stored Cross-Site Scripting