CVE-2021-24464

Name of the Vulnerable Software and Affected Versions YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin versions prior to 2.3.9

Description The issue is related to an authenticated Stored Cross-Site Scripting problem. It occurs because some shortcode options in the plugin do not properly escape, validate, or sanitise user input. This flaw is accessible to users with a role as low as Contributor.

Recommendations For versions prior to 2.3.9, update to version 2.3.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable shortcode options to higher-level users until the update is applied.