VYPR

Wp Youtube Lyte

by WordPress

Source repositories

CVEs (3)

  • CVE-2026-3299MedApr 16, 2026
    risk 0.35cvss 6.4epss 0.00

    The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lyte' shortcode in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…

  • CVE-2025-66062LowNov 21, 2025
    risk 0.22cvss 3.4epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Frank Goossens WP YouTube Lyte wp-youtube-lyte allows Phishing.This issue affects WP YouTube Lyte: from n/a through <= 1.7.28.

  • CVE-2021-24419Jul 12, 2021
    risk 0.00cvss epss 0.01

    The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues.