VidoRev Extensions WordPress Plugin Missing Authorization Vulnerability for YouTube Video Import

Vulnerability

A vulnerability exists in the VidoRev Extensions plugin for WordPress, all versions through 2.9.9.9.9.9.5. The issue arises from a lack of capability checks on the 'vidorev_import_single_video' AJAX action, allowing unauthenticated users to import arbitrary YouTube videos.

Impact

Exploitation of this vulnerability allows for unauthorized importation of YouTube videos, which could be misused to manipulate video content on the affected WordPress site.

Remediation

Users can update to version 2.9.9.9.9.9.6 or a newer patched version to address this vulnerability.
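Where the update cannot be applied immediately, the missing check described under Vulnerability can be enforced in front of the plugin's handler. The following must-use plugin is an added example, not the VidoRev code or the vendor's patch; the capability it requires ('edit_posts'), the constant and function names, and the file placement are assumptions, while the action name is the one given above.

```php
<?php
/**
 * Plugin Name: Guard vidorev_import_single_video (added example)
 *
 * Place in wp-content/mu-plugins/ so it loads before regular plugins.
 */

// Assumption: the page does not say which capability the import should
// require. 'edit_posts' is a placeholder; match it to the site's roles.
const EXAMPLE_IMPORT_CAP = 'edit_posts';

// AJAX action named in the advisory.
const EXAMPLE_GUARDED_ACTION = 'vidorev_import_single_video';

/**
 * Reject the request unless the caller is logged in and holds the capability.
 */
function example_guard_video_import() {
    if ( is_user_logged_in() && current_user_can( EXAMPLE_IMPORT_CAP ) ) {
        return; // Authorized: let the plugin's own handler run next.
    }

    // Record the rejected call so it can be reviewed later.
    error_log( sprintf(
        'Blocked AJAX action %s from %s (user id %d)',
        EXAMPLE_GUARDED_ACTION,
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown',
        get_current_user_id()
    ) );

    // Sends a JSON error with HTTP 403 and ends the request, so no
    // later-priority handler for this action is reached.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

// admin-ajax.php fires wp_ajax_{action} for logged-in users and
// wp_ajax_nopriv_{action} for everyone else; guard both. The priority the
// plugin registers its handler at is not known here, so the guard uses the
// lowest possible priority to run first.
add_action( 'wp_ajax_' . EXAMPLE_GUARDED_ACTION, 'example_guard_video_import', PHP_INT_MIN );
add_action( 'wp_ajax_nopriv_' . EXAMPLE_GUARDED_ACTION, 'example_guard_video_import', PHP_INT_MIN );
```

Remove the file once the plugin has been updated to 2.9.9.9.9.9.6 or newer.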

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.