header-logo
Suggest Exploit
vendor:
YT-Audio Plugin for WordPress
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: YT-Audio Plugin for WordPress
Affected Version From: 1.7
Affected Version To: Unknown (other versions may also be affected)
Patch Exists: NO
Related CWE:
CPE: a:yt-audio_project:yt-audio
Metasploit:
Other Scripts:
Platforms Tested: WordPress
Unknown

Cross-Site Scripting in YT-Audio Plugin for WordPress

The YT-Audio plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user-supplied input before using it in the application. Plugin developers should follow secure coding practices and implement input validation and output encoding to prevent cross-site scripting vulnerabilities.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/46591/info

The YT-Audio plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

YT-Audio plugin 1.7 is vulnerable; other versions may also be affected.

http://www.example.com/wordpress/wp-content/plugins/yt-audio-streaming-audio-from-youtube/frame.php?v=%22%3E%3C/iframe%3E%3Cscript%3Ealert(0)%3C%2fscript%3E%3Ciframe+src=%22