The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-07-12T19:20:54
Updated: 2021-07-12T19:20:54
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24419
JSON object: View
NVD Information
Status : Modified
Published: 2021-07-12T20:15:08.943
Modified: 2023-11-07T03:31:12.683
Link: CVE-2021-24419
JSON object: View
Redhat Information
No data.
CWE