cleantalk
Vulnerabilities and Security Researches

Feeds for YouTube (YouTube video, channel, and gallery plugin), 63d036bf8354801dd02167b4cc6a671f96fb03ce

Published on
Jul 20, 2021
Research Description
Feeds for YouTube (YouTube video, channel, and gallery plugin) [feeds-for-youtube] < 1.4.2
Smash Balloon Plugins (Various Versions) - Reflected Cross-Site Scripting
Several Smash Balloon plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via URLs in various versions due to insufficient input sanitization and output escaping with the use of add_query_arg. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages, which execute if the attackers can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.4.2.
Status
vulnerable