2.1.2

DATE	CVE	VULNERABILITY TITLE	RISK
2024-07-11	CVE-2024-6256	Cross-site Scripting vulnerability in Smashballoon Feeds for Youtube The Feeds for YouTube (YouTube video, channel, and gallery plugin) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity smashballoon CWE-79	5.4