CVE-2025-6061 – YouTube Video for WordPress Stored Cross-Site Scripting Vulnerability

June 14, 2025

CVE ID : CVE-2025-6061

Published : June 14, 2025, 9:15 a.m. | 4 hours, 56 minutes ago

Description : The kk Youtube Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘kkytv’ shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6055 – “Zen Sticky Social WordPress CSRF”

Next Article CVE-2025-5336 – WordPress Click to Chat Stored Cross-Site Scripting Vulnerability

Vibe Loop: AI-native reliability engineering for the real world

Docker Compose gets new features for building and running agents

Why Enterprises Are Choosing AI-Driven React.js Development Companies in 2025

Unmasking The Magic: The Wizard Of Oz Method For UX Research

How I personalized my ChatGPT conversations – why it’s a game changer

Xbox Game Pass deals ranged from “$50,000 to $50,000,000” — offering a glimpse at how much Microsoft drops on content

The Division 2’s new Brooklyn Archivist Merit Commendation was driving me INSANE — it turns out there’s a sneaky extra step you need to do first

Alan Wake 2 for Xbox Series X is on sale during Amazon Prime Day — dive into Remedy’s title that “bloodily earns its place as a horror game”

Salesforce Health Cloud Demo: Provider Search & Network Management in Action

Salesforce Health Cloud Demo: Provider Search & Network Management in Action

Oracle Cloud EPM: Transitioning to Forms 2.0, Dashboards 2.0 by October 2025

This Week in Laravel: React.js, Filament vs Laravel, and Junior Test

Xbox Game Pass deals ranged from “$50,000 to $50,000,000” — offering a glimpse at how much Microsoft drops on content

Xbox Game Pass deals ranged from “$50,000 to $50,000,000” — offering a glimpse at how much Microsoft drops on content

The Division 2’s new Brooklyn Archivist Merit Commendation was driving me INSANE — it turns out there’s a sneaky extra step you need to do first

Alan Wake 2 for Xbox Series X is on sale during Amazon Prime Day — dive into Remedy’s title that “bloodily earns its place as a horror game”

CVE-2025-6061 – YouTube Video for WordPress Stored Cross-Site Scripting Vulnerability

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Critical WordPress Plugin Vulnerability Exposes 200k Websites to Site Takeover Attack

A cross-platform Markdown note-taking application

Some of Call of Duty: Warzone’s biggest players use this weapon optic, so I tried it — it totally changed the game

Optimizing Reasoning Performance: A Comprehensive Analysis of Inference-Time Scaling Methods in Language Models

CVE-2025-37891 – ALSA UMP Buffer Overflow Vulnerability

CVE-2025-30172 – ASPECT Remote Code Execution Vulnerability

Grafana releases critical security update for Image Renderer plugin

CVE-2025-4536 – Gosuncn Technology Group Audio-Visual Integrated Management Platform Remote Information Disclosure

Nvidia dominates in gen AI benchmarks, clobbering 2 rival AI chips

CVE-2025-6061 – YouTube Video for WordPress Stored Cross-Site Scripting Vulnerability

Related Posts