CVE-2026-3299 — Cross-Site Scripting (XSS)
Image via images.unsplash.com
CVE-2026-3299 — The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lyte' shortcode in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for auth
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-3299 | vulnerability | CVE-2026-3299 |
| CWE-79 | weakness | CWE-79 |
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 16, 2026 at 05:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related Posts
MailGates/MailAudit CRLF Injection Exposes System Files
CVE-2026-6351 — MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files.
Critical MailGates Flaw Lets Attackers Run Wild
CVE-2026-6350 — MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary...
WinMatrix Agent: Local Auth Bypass to SYSTEM Privileges
CVE-2026-6348 — WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on...