What is GHSA-q2vf-5q2q-2gm5?

GHSA-q2vf-5q2q-2gm5 is a security advisory published by GitHub Security Advisories with Medium severity. The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4...

Which CVE IDs does GHSA-q2vf-5q2q-2gm5 cover?

GHSA-q2vf-5q2q-2gm5 covers the following CVE IDs: CVE-2026-1631. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-q2vf-5q2q-2gm5?

GHSA-q2vf-5q2q-2gm5 has a CVSS v3 base score of 5.4, published by GitHub Security Advisories.

GHSA-q2vf-5q2q-2gm5MediumCVSS 5.4

The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4...

Vendor

GitHub Security Advisories

Published

May 18, 2026

Last Modified

May 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-1631 →

📋 Description

The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4's license key due to a missing capability check on the 'actions' function. This makes it possible for subscribers and above delete the license key.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-1631
https://wpscan.com/vulnerability/b19596c2-69bc-4e15-8632-eb80f4577e3c
https://github.com/advisories/GHSA-q2vf-5q2q-2gm5