Security Advisory

CVE-2021-24419

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-07-12 19:20:54

Last updated 2024-08-03 19:28:23

Assigner WPScan

State PUBLISHED

Description

The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues.

← Browse all CVEs View on cve.org ↗