cleantalk
Vulnerabilities and Security Researches

YouTube Embed, CVE-2015-6535

CVE, Research URL

CVE-2015-6535

Home page URL

Security reports for YouTube Embed

Application

YouTube Embed

Published on
Aug 31, 2015
Research Description
Cross-site scripting (XSS) vulnerability in includes/options-profiles.php in the YouTube Embed plugin before 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML via the Profile name field (youtube_embed_name parameter).
Affected versions
Min -, max 3.3.3.
Status
vulnerable
Previous vulnerability researches
Lightweight and Responsive Youtube Embed (CVE-2025-31744) , Apr 03, 2025
Lightweight and Responsive Youtube Embed (CVE-2025-31743) , Apr 03, 2025
YouTube Embed – YouTube Gallery, Vimeo Gallery – WordPress Plugin (f882f4d53f70b01005aea496740cd89ed584864c) , Jun 07, 2024
YouTube Embed (CVE-2025-31008) , Apr 11, 2025
YouTube Embed (CVE-2021-24471) , Jun 06, 2024
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025