The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2021-07-12T19:20:54
Updated: 2024-08-03T19:28:23.802Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24419
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-07-12T20:15:08.943
Modified: 2024-11-21T05:53:02.090
Link: CVE-2021-24419
Redhat
No data.