CVE-2021-24414

CVE-2021-24414: YT Player < 1.4 - Contributor+ Stored Cross-Site Scripting

Vendor Unknown
Product Video Player for YouTube
Weakness CWE-79 · XSS
Published October 25, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode

Key dates

02Disclosure timeline

October 25, 2021 CVE published
August 3, 2024 Record updated