Vulnerabilities > Video Player FOR Youtube Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-25 | CVE-2021-24414 | Cross-site Scripting vulnerability in Video Player for Youtube Project Video Player for Youtube The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode | 3.5 |