Vulnerabilities and security researches foryoutube-channel youtube-channel

Jun 07, 2024

CVE, Research URL: CVE-2022-4756
Home page URL: Security reports for My YouTube Channel
Application: My YouTube Channel
Date: Feb 07, 2023
Research Description: The My YouTube Channel WordPress plugin before 3.23.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions: max 3.23.0.
Status: vulnerable

CVE, Research URL: CVE-2023-0447
Home page URL: Security reports for My YouTube Channel
Application: My YouTube Channel
Date: Jan 23, 2023
Research Description: The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_all_cache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear the plugin's cache.
Affected versions: max 3.23.0.
Status: vulnerable

CVE, Research URL: CVE-2023-0446
Home page URL: Security reports for My YouTube Channel
Application: My YouTube Channel
Date: Jan 23, 2023
Research Description: The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 3.23.0.
Status: vulnerable

CVE, Research URL: CVE-2023-25987
Home page URL: Security reports for My YouTube Channel
Application: My YouTube Channel
Date: Nov 22, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar Urošević My YouTube Channel plugin <= 3.23.3 versions.
Affected versions: max 3.23.4.
Status: vulnerable

CVE, Research URL: 47554199ce7785d83bc6e32caf21f5de89aa14ca
Home page URL: Security reports for My YouTube Channel
Application: My YouTube Channel
Date: Jan 04, 2023
Research Description: My YouTube Channel [youtube-channel] < 3.23.0 My YouTube Channel <= 3.0.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 3.23.0.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 92fc65eb49e762e79cb87bdc7feb99561a92fd1a
Home page URL: Security reports for My YouTube Channel
Application: My YouTube Channel
Date: Jan 06, 2023
Research Description: My YouTube Channel [youtube-channel] < 3.23.0 WordPress YouTube Channel Plugin <= 3.0.12.1 is vulnerable to Broken Access Control Update the WordPress YouTube Channel plugin to the latest available version (at least 3.23.0). WordfenceTeam discovered and reported this Broken Access Control vulnerability in WordPress YouTube Channel Plugin. This vulnerability has been fixed in version 3.23.0.
Affected versions: max 3.23.0.
Status: vulnerable

CVE, Research URL: ac490a9722e882661a9fa27c15b8e0b1f9d0f371
Home page URL: Security reports for My YouTube Channel
Application: My YouTube Channel
Date: Feb 23, 2023
Research Description: My YouTube Channel [youtube-channel] < 3.23.4 My YouTube Channel <= 3.23.3 - Cross-Site Request Forgery to Cache Deletion The My YouTube Channel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.23.3. This is due to missing or incorrect nonce validation on the clear_all_cache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 3.23.4.
Status: vulnerable

CVE, Research URL: cdd87436e7677426044b066d0dc84ae47a39ad2b
Home page URL: Security reports for My YouTube Channel
Application: My YouTube Channel
Date: Jan 04, 2023
Research Description: My YouTube Channel [youtube-channel] < 3.23.0 My YouTube Channel <= 3.0.12.1 - Missing Authorization The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_all_cache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear the plugin's cache.
Affected versions: max 3.23.0.
Status: vulnerable