WordPress Youtube SpeedLoad Plugin <= 0.6.3 is vulnerable to Cross Site Request Forgery (CSRF)
No known patch is available for this vulnerability.
The affected plugin has been removed from the WordPress.org directory (reason: Security Issue), and no patched version is being distributed through the official directory. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.
Description
Cross-Site Request Forgery (CSRF) vulnerability in YouTube SpeedLoad plugin <=0.6.3 allows attackers to perform unauthorized actions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-Site Request Forgery (CSRF) vulnerability in YouTube SpeedLoad plugin <=0.6.3 allows attackers to perform unauthorized actions.
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the YouTube SpeedLoad plugin for WordPress, affecting versions 0.6.3 and earlier [1]. The vulnerability allows an attacker to trick an authenticated administrator into performing unintended actions without their consent.
Exploitation
To exploit this vulnerability, an attacker must craft a malicious link or page that triggers a cross-site request when visited by an authenticated administrator. The attacker does not need authentication but relies on the victim's active session. The exact actions that can be triggered are not detailed in the available references, but CSRF typically enables modification of plugin settings or other administrative functions.
Impact
Successful exploitation allows an attacker to perform actions on behalf of the administrator, potentially leading to unauthorized changes in plugin configuration, privilege escalation, or other unintended operations. The full scope of impact is limited by the plugin's capabilities and the victim's privileges.
Mitigation
The plugin has been closed and removed from the WordPress.org plugin directory as of March 7, 2024 due to a security issue [1]. No patched version is available. Users should uninstall the plugin immediately and replace it with an alternative. No official workaround has been provided.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=0.6.3
- Alexufo/Youtube SpeedLoadv5Range: n/a
Patches
0youtube-speedloadThis plugin has been removed from the WordPress.org directory on 2024-03-07 (reason: Security Issue). No patched version is being distributed through the official directory. Users who have it installed should uninstall it.
Source: api.wordpress.org · directory page
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.