cleantalk
Vulnerabilities and Security Researches

Feeds for YouTube (YouTube video, channel, and gallery plugin), CVE-2026-1631

CVE, Research URL

CVE-2026-1631

Home page URL

Security reports for Feeds for YouTube (YouTube video, channel, and gallery plugin)

Application

Feeds for YouTube (YouTube video, channel, and gallery plugin)

Published on
May 18, 2026
Research Description
The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4's license key due to a missing capability check on the 'actions' function. This makes it possible for subscribers and above delete the license key.
Affected versions
max 2.6.4.
Status
vulnerable
Previous vulnerability researches
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More (CVE-2019-25213) , Oct 17, 2024
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More (CVE-2021-24830) , Jun 07, 2024
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More (CVE-2020-35935) , Jun 07, 2024
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More (CVE-2020-35934) , Jun 07, 2024
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More (CVE-2014-6059) , Jun 07, 2024
New vulnerability
WP Learn Manager (CVE-2021-47975) , May 19, 2026
Autoptimize (CVE-2026-3220) , May 19, 2026
Feeds for YouTube (YouTube video, channel, and gallery plugin) (CVE-2026-1631) , May 19, 2026
WordPress Plugin for Google Maps – WP MAPS (CVE-2026-6381) , May 19, 2026
BuddyPress (CVE-2020-37233) , May 19, 2026