GCVE - cpe:2.3:a:wpdevart:youtube_embed,_playlist_and_popup_by

Approved changes feed: RSS · Atom

cpe:2.3:a:wpdevart:youtube_embed,_playlist_and_popup_by_wpdevart:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Wpdevart (`62458400-5314-5c71-819c-4b29c90460da`)
Product	Youtube Embed, Playlist And Popup By Wpdevart (`63bb3908-d25f-5dfd-b2ff-5c5c7fb2d027`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-2537`	vulnerable	2026-06-03 15:00:25.774433	Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library MEDIUM (6.4) Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library (version 3.1) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2025-07-03T12:23:08.822Z Updated: 2026-04-08T16:54:56.412Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/59ea7390-3587-4fce-b267-bf525dbe3e27?source=cve https://plugins.trac.wordpress.org/browser/nextgen-gallery/trunk/static/Lightbox/thickbox/thickbox.js https://plugins.trac.wordpress.org/browser/youtube-video-player/trunk/front_end/scripts/youtube_embed_front_end.js https://plugins.trac.wordpress.org/browser/auto-thickbox/trunk/js/auto-thickbox.js https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3281159%40nextgen-gallery&old=3276142%40nextgen-gallery&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-24002`	vulnerable	2026-06-03 14:49:29.231132	WordPress YouTube Embed, Playlist and Popup by WpDevArt Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS) MEDIUM (5.9) Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3 versions. Published: 2023-04-06T08:04:24.910Z Updated: 2026-04-28T16:08:05.098Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/youtube-video-player/wordpress-youtube-embed-playlist-and-popup-by-wpdevart-plugin-2-6-3-cross-site-scripting-xss?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Youtube Embed, Playlist And Popup By Wpdevart

PURL mappings

Vulnerability references

Contribute