Wpdevart: >> Youtube Embed, Playlist And Popup >> 1.0.3 Security Vulnerabilities
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-04-06
The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin before 2.3.9 did not escape, validate or sanitise some of its shortcode options, available to users with a role as low as Contributor, leading to an authenticated Stored Cross-Site Scripting issue.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-08-02