{"id":"CVE-2022-1187","details":"The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the ~/inc/admin.php file which allows unauthenticated attackers to inject arbitrary web scripts in versions up to, and including, 1.7.21.","modified":"2026-03-14T11:21:02.462277Z","published":"2022-04-19T21:15:13.927Z","references":[{"type":"WEB","url":"https://plugins.trac.wordpress.org/browser/wp-youtube-live/trunk/inc/admin.php#L355"},{"type":"ADVISORY","url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d540b53-5c39-43d5-a055-cc5eccfa65b8?source=cve"},{"type":"FIX","url":"https://github.com/macbookandrew/wp-youtube-live/commit/2d8ccb7b12742bf16b5a6068f9fdeeac69bc11b1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/macbookandrew/wp-youtube-live","events":[{"introduced":"0"},{"fixed":"587d832ec17c92d43c53c11b18c2d1c40a16d3a9"},{"fixed":"2d8ccb7b12742bf16b5a6068f9fdeeac69bc11b1"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.7.22"}]}}],"versions":["1.7.12","1.7.13","1.7.14","1.7.15","1.7.16","1.7.17","1.7.18","1.7.19","1.7.20","1.7.21","dev1.7.1","dev1.7.2","dev1.7.3","dev1.7.4","v1.0","v1.1","v1.2","v1.3","v1.4","v1.4.1","v1.4.2","v1.5","v1.5.1","v1.5.2","v1.5.3","v1.5.4","v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.6.4","v1.7.10","v1.7.4","v1.7.5","v1.7.6","v1.7.7","v1.7.8","v1.7.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1187.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}