Cross-Site Scripting Vulnerability in YouTube Embed Plugin for WordPress
CVE-2015-6535
Currently unrated
What is CVE-2015-6535?
A cross-site scripting (XSS) vulnerability exists in the YouTube Embed plugin for WordPress prior to version 3.3.3. This security flaw allows remote administrators to inject arbitrary web script or HTML through the Profile name field (specifically the youtube_embed_name parameter). Exploiting this vulnerability could enable malicious actors to compromise the integrity of WordPress sites, posing a significant risk to both administrators and end users.