PT-2026-41635 · WordPress · Feeds For Youtube
Legion Hunter
·
Published
2026-05-18
·
Updated
2026-05-18
·
CVE-2026-1631
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Feeds for YouTube versions prior to 2.6.4
Description
A missing capability check in the
actions() function allows users with subscriber privileges or higher to unauthorizedly modify or delete the plugin license key.Recommendations
Update to version 2.6.4 or later.
As a temporary workaround, restrict access to the
actions() function to only authorized administrative users.Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Feeds For Youtube