cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-1871,https://securityvulnerability.io/vulnerability/CVE-2023-1871,Cross-Site Request Forgery in YourChannel Plugin for WordPress,"The YourChannel plugin for WordPress has a Cross-Site Request Forgery vulnerability due to inadequate nonce validation in its deleteLang function. This allows unauthenticated attackers to manipulate the plugin's language translation settings by tricking a site administrator into executing unwanted actions, such as clicking on a malicious link. To safeguard against this type of attack, it is essential for users to update to the latest version of the plugin and implement robust security practices.",Wordpress,YourChannel: Everything you want in a YouTube plugin.,4.3,MEDIUM,0.0008800000068731606,false,,false,false,false,,false,false,2023-04-05T14:15:00.000Z,0
CVE-2023-1869,https://securityvulnerability.io/vulnerability/CVE-2023-1869,Stored Cross-Site Scripting Vulnerability in YourChannel Plugin for WordPress,"The YourChannel plugin for WordPress, up to version 1.2.5, is vulnerable to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in its admin settings. This vulnerability allows authenticated attackers with administrative privileges to inject malicious scripts into pages. The scripts execute when other users access the compromised pages. The vulnerability primarily impacts multi-site installations and those with 'unfiltered_html' functionality disabled, increasing the risk of unauthorized data exposure and manipulation.",Wordpress,YourChannel: Everything you want in a YouTube plugin.,4.8,MEDIUM,0.0009699999936856329,false,,false,false,false,,false,false,2023-04-05T14:15:00.000Z,0
CVE-2023-1870,https://securityvulnerability.io/vulnerability/CVE-2023-1870,Cross-Site Request Forgery Vulnerability in YourChannel Plugin for WordPress,The YourChannel plugin for WordPress is prone to a Cross-Site Request Forgery vulnerability due to improper nonce validation in its saveLang function. This oversight enables unauthenticated attackers to manipulate the plugin's language translation settings by tricking an admin into submitting a forged request. This vulnerability highlights the importance of robust authentication measures in preventing unauthorized changes.,Wordpress,YourChannel: Everything you want in a YouTube plugin.,4.3,MEDIUM,0.0008800000068731606,false,,false,false,false,,false,false,2023-04-05T14:15:00.000Z,0
CVE-2023-1865,https://securityvulnerability.io/vulnerability/CVE-2023-1865,Unauthorized Data Loss in YourChannel Plugin for WordPress,"The YourChannel plugin for WordPress contains a security flaw that permits unauthorized users to reset plugin settings through the yrc_nuke GET parameter. This flaw arises from a missing capability check, allowing unauthenticated attackers to potentially delete YouTube channels associated with the plugin. It is crucial for users of this plugin to ensure they are using the latest version and implement security best practices to mitigate this threat.",Wordpress,YourChannel: Everything you want in a YouTube plugin.,6.5,MEDIUM,0.0011899999808520079,false,,false,false,false,,false,false,2023-04-05T14:15:00.000Z,0
CVE-2023-1866,https://securityvulnerability.io/vulnerability/CVE-2023-1866,Cross-Site Request Forgery Vulnerability in YourChannel Plugin for WordPress,"The YourChannel plugin for WordPress suffers from a vulnerability that permits Cross-Site Request Forgery, allowing attackers to manipulate the plugin's channel settings. This security lapse arises from improper nonce validation in the clearKeys function, exposed in versions up to and including 1.2.3. An attacker can exploit this flaw by tricking a site administrator into taking an unintended action, such as clicking a malicious link, thereby executing a forged request to alter the plugin's settings without proper authentication.",Wordpress,YourChannel: Everything you want in a YouTube plugin.,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-04-05T14:15:00.000Z,0
CVE-2023-1867,https://securityvulnerability.io/vulnerability/CVE-2023-1867,Cross-Site Request Forgery in YourChannel Plugin for WordPress,"The YourChannel plugin for WordPress is susceptible to Cross-Site Request Forgery in all its versions up to and including 1.2.3. This vulnerability arises from improper nonce validation in the save function, allowing an unauthenticated attacker to potentially modify the plugin settings. By tricking a site administrator into clicking a malicious link, attackers can send unauthorized requests, compromising the integrity of the plugin's configuration and potentially leading to further security risks.",Wordpress,YourChannel: Everything you want in a YouTube plugin.,4.3,MEDIUM,0.0008800000068731606,false,,false,false,false,,false,false,2023-04-05T14:15:00.000Z,0
CVE-2023-1868,https://securityvulnerability.io/vulnerability/CVE-2023-1868,Unauthorized Cache Clearing in YourChannel Plugin for WordPress,"The YourChannel plugin for WordPress contains a security flaw that permits unauthorized users to clear the plugin's cache due to the absence of a proper capability check. This vulnerability can be exploited via the yrc_clear_cache GET parameter, potentially leading to data loss and disruption of service. Users of versions up to and including 1.2.3 are susceptible to this issue, emphasizing the need for immediate updates and regular security assessments.",Wordpress,YourChannel: Everything you want in a YouTube plugin.,5.3,MEDIUM,0.0008800000068731606,false,,false,false,false,,false,false,2023-04-05T14:15:00.000Z,0
CVE-2023-0282,https://securityvulnerability.io/vulnerability/CVE-2023-0282,YourChannel < 1.2.2 - Subscriber+ Stored XSS,"The YourChannel WordPress plugin before 1.2.2 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.",Wordpress,YourChannel: Everything you want in a YouTube plugin.,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-06T20:15:00.000Z,0
CVE-2022-4833,https://securityvulnerability.io/vulnerability/CVE-2022-4833,YourChannel: Everything you want in a YouTube plugin < 1.2.3 - Contributor+ Stored XSS via Shortcode,"The YourChannel: Everything you want in a YouTube plugin WordPress plugin before 1.2.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.",Wordpress,Yourchannel: Everything You Want In A Youtube Plugin.,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-06T19:59:18.984Z,0