VYPR

Feeds For Youtube

by Smashballoon

CVEs (4)

  • CVE-2025-12002MedJan 17, 2026
    risk 0.38cvss 5.9epss 0.00

    The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sby_check_wp_submit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation.…

  • CVE-2024-6256MedJul 11, 2024
    risk 0.35cvss 6.4epss 0.00

    The Feeds for YouTube (YouTube video, channel, and gallery plugin) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping…

  • CVE-2023-4841MedSep 14, 2023
    risk 0.35cvss 6.4epss 0.00

    The Feeds for YouTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…

  • CVE-2025-64635MedDec 16, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Feeds for YouTube: from n/a through <= 2.4.0.