Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by wp_youtube_live_project
CVE-2022-1334 (GCVE-0-2022-1334)
Vulnerability from cvelistv5 – Published: 2022-05-16 14:30 – Updated: 2024-08-03 00:03
VLAI
Title
WP YouTube Live < 1.8.3 - Admin+ Stored Cross Site Scripting
Summary
The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/af3b32c9-f386-4b… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WP YouTube Live |
Affected:
1.8.3 , < 1.8.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/af3b32c9-f386-4bb6-a362-86a27f49a739"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP YouTube Live",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.8.3",
"status": "affected",
"version": "1.8.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vinay Varma Mudunuri"
},
{
"lang": "en",
"value": "Krishna Harsha Kondaveeti"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T14:30:46.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/af3b32c9-f386-4bb6-a362-86a27f49a739"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP YouTube Live \u003c 1.8.3 - Admin+ Stored Cross Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1334",
"STATE": "PUBLIC",
"TITLE": "WP YouTube Live \u003c 1.8.3 - Admin+ Stored Cross Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP YouTube Live",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.8.3",
"version_value": "1.8.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vinay Varma Mudunuri"
},
{
"lang": "eng",
"value": "Krishna Harsha Kondaveeti"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/af3b32c9-f386-4bb6-a362-86a27f49a739",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/af3b32c9-f386-4bb6-a362-86a27f49a739"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1334",
"datePublished": "2022-05-16T14:30:47.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}