Cross-site Scripting Vulnerability in Bulk YouTube Post Creator by Syed Tahir Ali Jan
CVE-2025-49423

7.1HIGH

Key Information:

Vendor: WordPress
Status: Bulk Youtube Post Creator
Vendor: CVE Published:; 27 June 2025

What is CVE-2025-49423?

The Bulk YouTube Post Creator by Syed Tahir Ali Jan is impacted by a reflected cross-site scripting (XSS) vulnerability. This occurs due to improper handling of input during web page generation, allowing attackers to inject malicious scripts into web pages viewed by users. It is crucial for users of the affected version to implement security measures to mitigate the risk associated with this flaw.

Affected Version(s)

Bulk YouTube Post Creator <= 1.0

References

https://patchstack.com/database/wordpress/plugin/bulk-you...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2025
Vulnerability Reserved
Jun 4, 2025

Credit

Miki Iwamoto (Patchstack Alliance)