CVE-2022-1187
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the ~/inc/admin.php file which allows unauthenticated attackers to inject arbitrary web scripts in versions up to, and including, 1.7.21.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| macbookandrew | WP YouTube Live | 0 <= 1.7.21 | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CVE Program Container
Additional References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2d540b53-5c39-43d5-a055-cc5eccfa65b8?source=cve
- https://plugins.trac.wordpress.org/browser/wp-youtube-live/trunk/inc/admin.php#L355
- https://github.com/macbookandrew/wp-youtube-live/commit/2d8ccb7b12742bf16b5a6068f9fdeeac69bc11b1
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2d540b53-5c39-43d5-a055-cc5eccfa65b8?source=cve
- https://plugins.trac.wordpress.org/browser/wp-youtube-live/trunk/inc/admin.php#L355
- https://github.com/macbookandrew/wp-youtube-live/commit/2d8ccb7b12742bf16b5a6068f9fdeeac69bc11b1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.