Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Description

The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4's license key due to a missing capability check on the 'actions' function. This makes it possible for subscribers and above delete the license key.

Basic Information

ID CVE-2026-1631

Source WPScan

Published May 18, 2026 at 06:00

Modified May 18, 2026 at 13:39

Affected Product

Vendor Unknown

Product Feeds for YouTube (YouTube video, channel, and gallery plugin)

Affected Versions Unknown Feeds for YouTube (YouTube video, channel, and gallery plugin) 0

CWE Classification

CWE-862

References

wpscan.com /vulnerability/b19596c2-69bc-4e15-8632-eb80f4577e3c/

{
    "lastseen": "",
    "description": "The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4's license key due to a missing capability check on the 'actions' function. This makes it possible for subscribers and above delete the license key.",
    "published": "2026-05-18T06:00:04.592Z",
    "modified": "2026-05-18T13:39:28.618Z",
    "type": "cve",
    "title": "Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/b19596c2-69bc-4e15-8632-eb80f4577e3c/",
    "id": "CVE-2026-1631",
    "bulletinFamily": "",
    "cwe": [
        "",
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "Unknown Feeds for YouTube (YouTube video, channel, and gallery plugin) 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Feeds for YouTube (YouTube video, channel, and gallery plugin)",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion_CVE-2026-1631