{"id":6852,"date":"2025-06-14T04:17:33","date_gmt":"2025-06-14T04:17:33","guid":{"rendered":"http:\/\/localhost\/?p=6852"},"modified":"2025-06-14T04:17:33","modified_gmt":"2025-06-14T04:17:33","slug":"kk-youtube-video-02-authenticated-contributor-stored-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6852","title":{"rendered":"kk Youtube Video <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nkk Youtube Video <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-14T08:23:26.674Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nbhittani<\/td>\n<\/tr>\n
Product<\/th>\nkk Youtube Video<\/td>\n<\/tr>\n
Version<\/th>\n*<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n6.4 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:N<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nThe kk Youtube Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the ‘kkytv’ shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject malicious scripts into pages, which are executed when users access those pages. The issue affects all versions up to and including 0.2 due to insufficient input sanitization and output escaping.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
Vendor<\/th>\nWordPress Community<\/td>\n<\/tr>\n
Product<\/th>\nkk Youtube Video<\/td>\n<\/tr>\n
Affected Version<\/th>\n0.2<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n