MEDIUM
Feeds for YouTube
CVE published 2026-05-18
CVE-2026-1631
CVE-2026-1631 is a medium-severity (CVSS 5.4) missing authorization vulnerability in the Feeds for YouTube WordPress plugin, affecting versions before 2.6.4. The flaw exists in the plugin's 'actions' function, which lacks proper capability checks, allowing authenticated users with subscriber-level privileges or higher to delete the plugin's license key without authorization. This represents a CWE-862 (Mis [truncated]