CVE Details
Basic Information
| Title |
CVE-2025-4217 WP YouTube Video Optimizer <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| Type |
cve |
| Published |
2025-05-21T09:21:51 |
| Last Seen |
2025-05-21T10:24:22 |
CVSS Information
| Base Score |
6.4 (MEDIUM) |
| Attack Vector |
NETWORK |
| Attack Complexity |
LOW |
| Privileges Required |
LOW |
| User Interaction |
NONE |
| Scope |
CHANGED |
| Confidentiality Impact |
LOW |
| Integrity Impact |
LOW |
| Availability Impact |
NONE |
AI Analysis
| AI Description |
The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ib_youtube’ shortcode in versions up to 1.2. Insufficient input sanitization and output escaping allow authenticated attackers with contributor-level access or higher to inject malicious scripts into pages, which execute when accessed by users. |
| AI Severity |
Medium |
| Vendor |
WordPress Community |
| Product |
WP YouTube Video Optimizer |
| Affected Version |
<= 1.2 |
Additional Information
| CVE List |
CVE-2025-4217 |
| CWE List |
CWE-79 |
| Bulletin Family |
cve |
Description
The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ib_youtube’ shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score Summary
Base Score: %!f(string=#) (MEDIUM)
View Full CVE Details
