CVE-2025-4217 – WordPress YouTube Video Optimizer Stored Cross-Site Scripting

May 21, 2025

CVE ID : CVE-2025-4217

Published : May 21, 2025, 12:16 p.m. | 2 hours, 34 minutes ago

Description : The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ib_youtube’ shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4219 – WordPress DPEPress Stored Cross-Site Scripting

Next Article CVE-2025-4105 – Splitit WordPress Authorized Data Modification Vulnerability

Last week in AI dev tools: Cloudflare blocking AI crawlers by default, Perplexity Max subscription, and more (July 7, 2025)

Infragistics Launches Ultimate 25.1 With Major Updates to App Builder, Ignite UI

Design Guidelines For Better Notifications UX

10 Top React.js Development Service Providers For Your Next Project In 2026

Bookworms: Don’t skip this Kindle Paperwhite Essentials bundle that’s on sale

My favorite “non-gaming” gaming accessory is down to its lowest price for Prime Day | XREAL’s AR glasses give you a virtual cinema screen for Xbox Cloud Gaming, Netflix, PC gaming handhelds, and more

I’ve been using this Alienware 240Hz gaming monitor for 2 years — less than $1 a day if I’d bought it with this Prime Day discount

Final Fantasy IX Remake possibly cancelled according to latest rumors — Which may be the saddest way to celebrate this legendary game’s 25th anniversary

Token Limit – Monitor token usage in AI context files

Token Limit – Monitor token usage in AI context files

Perficient Named a 2025 Best Place to Work in Orange County!

Perficient Recognized by Leading Analyst Firm for Automotive and Mobility Expertise

My favorite “non-gaming” gaming accessory is down to its lowest price for Prime Day | XREAL’s AR glasses give you a virtual cinema screen for Xbox Cloud Gaming, Netflix, PC gaming handhelds, and more

My favorite “non-gaming” gaming accessory is down to its lowest price for Prime Day | XREAL’s AR glasses give you a virtual cinema screen for Xbox Cloud Gaming, Netflix, PC gaming handhelds, and more

I’ve been using this Alienware 240Hz gaming monitor for 2 years — less than $1 a day if I’d bought it with this Prime Day discount

Final Fantasy IX Remake possibly cancelled according to latest rumors — Which may be the saddest way to celebrate this legendary game’s 25th anniversary

CVE-2025-4217 – WordPress YouTube Video Optimizer Stored Cross-Site Scripting

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

CVE-2025-48870 – Apache HTTP Server Remote Code Execution Vulnerability

CVE-2025-23092 – Mitel OpenScape Accounting Path Traversal Vulnerability

What I Wish Someone Told Me When I Was Getting Into ARIA

Demis Hassabis & John Jumper awarded Nobel Prize in Chemistry

I got my hands on the redesigned successor to 2024’s best gaming laptop for most people — I’m confident that I’m going to love it, but there is ONE downside

Announcing Gemma 3n preview: Powerful, efficient, mobile-first AI

CitrixBleed 2 exploits are on the loose as security researchers yell and wave their hands

CVE-2025-53075 – Samsung Open Source rLottie Path Traversal Vulnerability

CVE-2025-4217 – WordPress YouTube Video Optimizer Stored Cross-Site Scripting

Related Posts