Vulnerabilities > CVE-2023-0446 - Unspecified vulnerability in MY Youtube Channel Project MY Youtube Channel 3.0.12.1

047910
CVSS 5.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
my-youtube-channel-project

Summary

The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vulnerable Configurations

Part Description Count
Application
My_Youtube_Channel_Project
1