CVE-2025-53261
Description
Cross-Site Request Forgery (CSRF) vulnerability in macbookandrew WP YouTube Live wp-youtube-live allows Cross Site Request Forgery.This issue affects WP YouTube Live: from n/a through <= 1.10.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CSRF vulnerability in WP YouTube Live plugin (<=1.10.0) allows attackers to force privileged users to execute unwanted actions.
The WP YouTube Live plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 1.10.0 [1]. The vulnerability exists due to missing or insufficient nonce validation, allowing an attacker to craft malicious requests that can be executed by a privileged user.
Exploitation requires user interaction, such as a logged-in administrator clicking a malicious link or visiting a crafted page [1]. This can be leveraged in mass-exploit campaigns targeting thousands of sites without needing authentication.
A successful CSRF attack could force the victim to perform unintended actions under their current session, such as modifying plugin settings or executing administrative tasks [1]. This could lead to site compromise or further exploitation.
The vulnerability is resolved in version 1.10.1. Users are strongly advised to update immediately [1]. No other workarounds are provided.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=1.10.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.