CVE-2026-2512

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function seccheckpostfields only running on the savepost hook, while WordPress allows custom fields t...

CVE-2026-2512

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function seccheckpostfields only running on the savepost hook, while WordPress allows custom fields t...

CVE-2026-2512 Code Embed <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function seccheckpostfields only running on the savepost hook, while WordPress allows custom fields t...

CVE-2026-2512

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function seccheckpostfields only running on the savepost hook, while WordPress allows custom fields t...

CVE-2026-2512

The Code Embed plugin for WordPress is vulnerable to Stored Cross‑Site Scripting up to version 2.5.1. The root cause is the sanitization function sec_check_post_fields() only runs on save_post, while custom fields can be added via the wp_ajax_add_meta endpoint without triggering save_post. The ce...

EUVD-2024-33314

Malicious code in bioql PyPI...

CVE-2024-8804

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with...

CVE-2024-10814

The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the cegetfile function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originati...

CVE-2024-10814

Technical details about CVE-2024-10814 are not provided in the supplied documents. Monitor official advisories for updates on affected products, impact, and fixes.

WordPress plugin Code Embed 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

WordPress Code Embed plugin <= 2.5 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability

Authenticated Contributor+ Server-Side Request Forgery vulnerability discovered by Max Boll b0lli in WordPress Plugin Code Embed versions = 2.5...

WordPress Code Embed Plugin <= 2.5 is vulnerable to Server Side Request Forgery (SSRF)

Software Code Embed Type Plugin Vulnerable versions = 2.5 Fixed in 2.5.1 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-10814 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 4cf23fa82f5e Credits Max Boll b0lli Required privilege...

CVE-2024-8804

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with...

WordPress plugin Code Embed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...