48 matches found
WordPress plugin CodePen Embed Block 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress CodePen Embed Block plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
PT-2025-26380 · Unknown · Codepen Embed Block
Name of the Vulnerable Software and Affected Versions: CodePen Embed Block versions through 1.1.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...
WordPress CodePen Embed Block plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin CodePen Embed Block versions = 1.2.0...
BIT-DISCOURSE-2025-48877 Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, Codepen is present in the default allowediframes site setting, and it can potentially auto-run arbitrary JS...
CVE-2025-48877
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, Codepen is present in the default allowediframes site setting, and it can potentially auto-run arbitrary JS...
CVE-2025-48877 Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, Codepen is present in the default allowediframes site setting, and it can potentially auto-run arbitrary JS...
CVE-2025-48877 Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, Codepen is present in the default allowediframes site setting, and it can potentially auto-run arbitrary JS...
CVE-2025-48877
Summary: CVE-2025-48877 affects Discourse. Before the patched releases, Codepen could be present in the default allowed_iframes site setting, potentially auto-running arbitrary JS in the iframe scope. Affected versions (as stated): Discourse < 3.4.4 (stable), < 3.5.0.beta5 (beta), and
CVE-2025-48877 Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, Codepen is present in the default allowediframes site setting, and it can potentially auto-run arbitrary JS...
Discourse 安全漏洞
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email, and chat rooms. A security vulnerability exists in Discourse versions prior to 3.4.4, prior to 3.5.0.beta5, and prior to 3.5.0.beta6-dev, which stems fr...
PT-2025-24434 · Codepen +1 · Codepen +1
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.4.4 Discourse version 3.5.0.beta5 and earlier of the beta branch Discourse version 3.5.0.beta6-dev and earlier of the tests-passed branch Description: Discourse is an open-source discussion platform. In versions...
CVE-2024-50440
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embedded Pens Shortcode codepen-embedded-pen-shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through = 1.0.2...
CVE-2024-37960
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.0...
CVE-2024-50440
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.2...
CVE-2024-50440
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embedded Pens Shortcode codepen-embedded-pen-shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through = 1.0.2...
CVE-2024-50440 WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embedded Pens Shortcode codepen-embedded-pen-shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through = 1.0.2...
CVE-2024-50440
CVE-2024-50440 describes a stored XSS vulnerability in the WordPress plugin CodePen Embedded Pens Shortcode (versions
CVE-2024-50440 WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embedded Pens Shortcode codepen-embedded-pen-shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through = 1.0.2...
WordPress plugin CodePen Embedded Pens Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin CodePen Embedded Pens Shortcode versions = 1.0.2...