This vulnerability will be published if we do not receive a response to this report with 14 days. To do that, go to YouTube Feed » Settings in the WordPress dashboard sidebar. Please contact us on to acknowledge this report if you received it via a third party (for example, as they generally cannot communicate with us on your behalf. Your attention is drawn to our disclosure policy: Learn how to add YouTube Video Feeds Dynamically in WordPress Gutenberg. In a real attack, forms can be auto-submitted.ĭxw believes in responsible disclosure. WP Social Ninja lets you fetch your business feeds from the three most popular platforms, and YouTube Feed is one of them. This gives you 3 options for embedding your video feed. Make sure you save all your changes first The Embed Feed box opens up. The aYouTube API Key:a value will be set to aHELLOa. To publish your YouTube feed as embedded video on WordPress, click the Embed button in the feed editing screen. Visit a page with the following content, and click submit: Feed YouTube channel content automatically to your website in a powerful and customizable gallery. And if your website is running on WordPress specifically, we’ve got you covered with a native plugin With this plugin, you can easily embed a YouTube channel widget using only a shortcode. The impact of the CSRF vulnerabilityA appears to be limitedA because it seems thatA the plugin is not vulnerable to XSS orA anything else which could be used in conjunction with the CSRF vulnerability. Embed YouTube Widget on a WordPress website EmbedSocial works for any CMS or website. The plugin contains a CSRF vulnerability which allows an attacker to change any setting in the plugin so long as they can cause a logged-in admin user to follow a link. CVSS: 4.3 (Medium AV:N/AC:M/Au:N/C:N/I:P/A:N)ĬSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin
0 Comments
Leave a Reply. |