WP Youtube Video Gallery Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WP Youtube Video Gallery plugin for WordPress, affecting all versions through 1.0. The issue arises from a lack of nonce verification in the wpYTVideoGallerySettingSave() function, allowing unauthenticated attackers to alter plugin settings. Exploitation requires tricking a site administrator into clicking a link that initiates the forged request.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in the plugin's settings, potentially allowing attackers to manipulate how videos are displayed or managed on the site.

Added: Jan 24, 2026, 8:32 AM

Updated: Jan 24, 2026, 8:32 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.9

remediation

0.0

relevance

2.3

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.9

remediation

0.0

relevance

2.3

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WP Youtube Video Gallery Cross-Site Request Forgery Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating