cleantalk
Vulnerabilities and Security Researches

My YouTube Channel, ac490a9722e882661a9fa27c15b8e0b1f9d0f371

CVE, Research URL

ac490a9722e882661a9fa27c15b8e0b1f9d0f371

Home page URL

Security reports for My YouTube Channel

Application

My YouTube Channel

Published on
Feb 23, 2023
Research Description
My YouTube Channel [youtube-channel] < 3.23.4 My YouTube Channel <= 3.23.3 - Cross-Site Request Forgery to Cache Deletion The My YouTube Channel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.23.3. This is due to missing or incorrect nonce validation on the clear_all_cache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 3.23.4.
Status
vulnerable
Previous vulnerability researches
Axact Author List Widget (64c0451c94de7e0131133a488609353b793f2348) , Jun 07, 2024
Axact Author List Widget (CVE-2025-22514) , Jan 15, 2025
Axact Author List Widget (b36562836dd76568d374ac032aa3b6cad3c82287) , Jun 16, 2026
Axact Author List Widget (f2497798-90dd-4f93-b6ff-31e02f8ca6fc) , Jun 16, 2026
New vulnerability
Open Graph and Twitter Card Tags (d2a6c41972461397c4b4fbb3e37ca688b3cdcef4) , Jun 16, 2026
Open Graph and Twitter Card Tags (94d86780b701970829bbefba21941f3d698e59be) , Jun 16, 2026
Open Graph and Twitter Card Tags (891309bc-6353-4a91-bcfe-4864df258913) , Jun 16, 2026
WP SPID Italia (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
WP SPID Italia (8e47b49f82b0505ac2a6ff60c7eaa2e7bf6393e0) , Jun 16, 2026