Vulnerabilities > CVE-2023-0447 - Unspecified vulnerability in MY Youtube Channel Project MY Youtube Channel 3.0.12.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_all_cache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear the plugin's cache.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- https://plugins.trac.wordpress.org/browser/youtube-channel/trunk/youtube-channel.php?rev=2482795#L1502
- https://plugins.trac.wordpress.org/browser/youtube-channel/trunk/youtube-channel.php?rev=2482795#L1502
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2844200%40youtube-channel&new=2844200%40youtube-channel&sfp_email=&sfph_mail=
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2844200%40youtube-channel&new=2844200%40youtube-channel&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/486b6a75-d101-4f3a-8436-6c23dd0ff200
- https://www.wordfence.com/threat-intel/vulnerabilities/id/486b6a75-d101-4f3a-8436-6c23dd0ff200