CVE-2023-5063 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-5063

CWE

https://cwe.mitre.org/data/definitions/.html

The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via youtube shortcode in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affected Software

Name	Vendor	Start Version	End Version
Widget_responsive_for_youtube	Stefanoai	*	1.6.1 (including)

References

https://plugins.trac.wordpress.org/browser/youtube-widget-responsive/trunk/youtube-widget-responsive.php?rev=2905626#L246
https://plugins.trac.wordpress.org/changeset/2968766/youtube-widget-responsive#file1
https://www.wordfence.com/threat-intel/vulnerabilities/id/72daa533-8b17-420c-9b51-b5f72da2726c?source=cve