Browse all 4 CVE security advisories affecting yotuwp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Yotuwp is a WordPress plugin primarily used for embedding YouTube videos with additional customization features. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin's vulnerabilities often stem from insufficient input validation and improper capability checks. Notably, in 2021, a critical flaw allowed unauthenticated attackers to execute arbitrary code on affected sites, leading to widespread exploitation. Despite patches, new vulnerabilities continue to emerge, with four CVEs currently recorded. The plugin's pattern of security issues highlights risks associated with insufficient input sanitization and access control implementations in WordPress extensions.
| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-4551 | Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Authenticated (Contributor+) Arbitrary File Inclusion via Shortcode | Video Gallery – YouTube Playlist, Channel Gallery by YotuWP | CWE-98 | 6.4 | Medium | 2024-06-15 |
| CVE-2024-4258 | Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Unauthenticated Local File Inclusion | Video Gallery – YouTube Playlist, Channel Gallery by YotuWP | CWE-98 | 9.8 | Critical | 2024-06-15 |
| CVE-2023-25477 | WordPress Video Gallery Plugin <= 1.3.12 is vulnerable to Cross Site Scripting (XSS) | Video Gallery | CWE-79 | 5.9 | Medium | 2023-09-01 |
| CVE-2022-35726 | WordPress Video Gallery plugin <= 1.3.4.5 - Broken Authentication vulnerability | Video Gallery (WordPress plugin) | | 4.3 | Medium | 2022-08-23 |
This page lists every published CVE security advisory associated with yotuwp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.