Cross-Site Scripting Vulnerability in YouTube Embed Plugin for WordPress
CVE-2015-6535
Currently unrated
Summary
A cross-site scripting (XSS) vulnerability exists in the YouTube Embed plugin for WordPress prior to version 3.3.3. This security flaw allows remote administrators to inject arbitrary web script or HTML through the Profile name field (specifically the youtube_embed_name parameter). Exploiting this vulnerability could enable malicious actors to compromise the integrity of WordPress sites, posing a significant risk to both administrators and end users.
References
Timeline
Vulnerability published
Vulnerability Reserved