CVE-2026-3299

Name of the Vulnerable Software and Affected Versions WP YouTube Lyte versions prior to 1.7.30

Description The WP YouTube Lyte plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user supplied attributes within the 'lyte' shortcode. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages, which then execute when a user visits the affected page.

Recommendations Update to a version later than 1.7.29.