CVE-2026-1631

MEDIUM 5.4

Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

4th

The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4's license key due to a missing capability check on the 'actions' function. This makes it possible for subscribers and above delete the license key.

Vendor	unknown
Product	feeds for youtube (youtube video, channel, and gallery plugin)
Published	May 18, 2026
Last Updated	May 18, 2026

Stay Ahead of the Next One

Get instant alerts for unknown feeds for youtube (youtube video, channel, and gallery plugin)

Be the first to know when new medium vulnerabilities affecting unknown feeds for youtube (youtube video, channel, and gallery plugin) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Feeds for YouTube (YouTube video, channel, and gallery plugin)

0 < 2.6.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/b19596c2-69bc-4e15-8632-eb80f4577e3c/

Credits

Legion Hunter WPScan