CVE-2022-1187 in WP YouTube Live Plugin
Summary
by MITRE • 04/20/2022
The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the ~/inc/admin.php file which allows unauthenticated attackers to inject arbitrary web scripts in versions up to, and including, 1.7.21.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 04/08/2026
The vulnerability identified as CVE-2022-1187 affects the WordPress WP YouTube Live Plugin, specifically targeting versions up to and including 1.7.21. This represents a critical security flaw that exposes WordPress installations to reflected cross-site scripting attacks. The vulnerability manifests within the ~/inc/admin.php file where POST data is processed without adequate sanitization or validation, creating an attack vector that can be exploited by unauthenticated malicious actors.
The technical implementation of this vulnerability stems from improper input handling within the plugin's administrative interface. When POST parameters are submitted to the admin.php endpoint, the application fails to properly escape or filter user-supplied data before it is rendered back to the browser. This reflected XSS vulnerability allows attackers to inject malicious scripts that execute in the context of a victim's browser session. The attack requires no authentication and can be delivered through various means including phishing emails, compromised websites, or direct exploitation of the vulnerable parameter.
From an operational perspective, this vulnerability poses significant risks to WordPress site administrators and their users. An attacker could exploit this flaw to steal administrative credentials, modify content, redirect users to malicious sites, or perform actions on behalf of authenticated users. The reflected nature of the attack means that the malicious payload is delivered through a crafted URL or form submission that, when processed by the vulnerable plugin, executes in the victim's browser. This vulnerability can be particularly dangerous in environments where administrators regularly access the WordPress admin interface and may inadvertently click on malicious links.
The security implications extend beyond simple script injection as this vulnerability can be leveraged for more sophisticated attacks within the context of the ATT&CK framework's initial access and execution phases. Attackers can use this vulnerability to establish persistent access to compromised systems or to conduct further reconnaissance activities. The CWE-79 classification for cross-site scripting provides a standardized framework for understanding this vulnerability type, which is characterized by the improper handling of untrusted data in web applications. Organizations using affected plugin versions should immediately implement mitigations including plugin updates, input validation measures, and network-level protections to prevent exploitation attempts.
Mitigation strategies should include immediate patching of the affected plugin to the latest version that addresses this vulnerability, implementing web application firewalls to detect and block malicious payloads, and conducting thorough security audits of all installed WordPress plugins. Additionally, administrators should consider implementing Content Security Policy headers to limit script execution and establish proper input validation routines that sanitize all user-supplied data before processing. The vulnerability highlights the critical importance of maintaining up-to-date third-party components in WordPress installations and demonstrates how seemingly minor flaws in plugin code can create significant security risks for entire web applications.