
310 matches found

Patchstack
added 2025/06/26 1:18 a.m. · 6 views

WordPress Drive Folder Embedder plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via tablecssclass Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via tablecssclass Parameter vulnerability discovered by Gilang in WordPress Plugin Drive Folder Embedder versions <= 1.1.0...

6.4 CVSS · 5.5 AI score · 0.00165 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2025/06/26 12:0 a.m. · 3 views

WordPress plugin Drive Folder Embedder cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.4 CVSS · 5.8 AI score · 0.00165 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/06/26 12:0 a.m. · 6 views

PT-2025-26932 · WordPress · Drive Folder Embedder

Name of the Vulnerable Software and Affected Versions: Drive Folder Embedder plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers...

6.4 CVSS · 5.6 AI score · 0.00165 EPSS
Exploits: 0 · References: 7
Positive Technologies
added 2025/06/21 12:0 a.m. · 4 views

PT-2025-26500 · WordPress · 3D Flipbook – Pdf Embedder

Name of the Vulnerable Software and Affected Versions: The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress versions up to, and including, 1.16.15 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization an...

6.4 CVSS · 5.6 AI score · 0.00205 EPSS
Exploits: 0 · References: 12
RedhatCVE
added 2025/05/23 8:56 a.m. · 3 views

CVE-2024-29141

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PDF Embedder allows Stored XSS. This issue affects PDF Embedder: from n/a through 4.6.4...

6.5 CVSS · 8.6 AI score · 0.00294 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 8:5 a.m. · 5 views

CVE-2024-51795

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fayjur Pdf Embedder Fay pdf-embedder-fay allows DOM-Based XSS. This issue affects Pdf Embedder Fay: from n/a through <= 1.10.1...

6.5 CVSS · 7.2 AI score · 0.00374 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 7:25 a.m. · 5 views

CVE-2024-0216

The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating...

6.4 CVSS · 6.6 AI score · 0.00316 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 4:59 a.m. · 7 views

CVE-2023-51504

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS. This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2...

6.5 CVSS · 6.7 AI score · 0.00736 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 9:4 p.m. · 9 views

CVE-2021-24868

The Document Embedder WordPress plugin before 1.7.9 contains an AJAX action endpoint, which could allow any authenticated user, such as a subscriber, to enumerate the title of arbitrary private and draft posts...

4.3 CVSS · 6.7 AI score · 0.00891 EPSS
Exploits: 2 · References: 1
RedhatCVE
added 2025/05/22 10:9 a.m. · 4 views

CVE-2019-19589

The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn't control or manage the file upload...

9.8 CVSS · 6.9 AI score · 0.01771 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 5:32 a.m. · 6 views

CVE-2016-10881

The google-document-embedder plugin before 2.6.2 for WordPress has XSS...

6.1 CVSS · 6.9 AI score · 0.00951 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 4:5 a.m. · 6 views

CVE-2015-1879

Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php...

4.3 CVSS · 6 AI score · 0.02073 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/04/12 8:10 a.m. · 31 views

CVE-2025-3417

The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxsetglobaloption function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level acce...

8.8 CVSS · 7.5 AI score · 0.00353 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/04/10 7:2 a.m. · 18 views

CVE-2025-3417 Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update

The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxsetglobaloption function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level acce...

8.8 CVSS · 0.00353 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2025/04/10 7:2 a.m. · 9 views

CVE-2025-3417 Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update

The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxsetglobaloption function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level acce...

8.8 CVSS · 7.2 AI score · 0.00353 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/04/10 12:0 a.m. · 2 views

WordPress plugin Embedder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

8.8 CVSS · 8.5 AI score · 0.00353 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/04/10 12:0 a.m. · 7 views

PT-2025-15923 · WordPress · Embedder

Name of the Vulnerable Software and Affected Versions: Embedder plugin for WordPress versions 1.3 to 1.3.5 Description: The issue allows unauthorized modification of data, leading to privilege escalation due to a missing capability check on the ajax set global option function. This enables...

8.8 CVSS · 9.1 AI score · 0.00353 EPSS
Exploits: 0 · References: 8
Patchstack
added 2025/04/09 10:10 p.m. · 6 views

WordPress Embedder plugin 1.3-1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Embedder versions 1.3-1.3.5...

8.8 CVSS · 8.3 AI score · 0.00353 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
RedhatCVE
added 2025/03/30 12:30 p.m. · 16 views

CVE-2025-31458

Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embedder video-embedder allows Stored XSS. This issue affects Video Embedder: from n/a through <= 1.7.1...

7.1 CVSS · 7.2 AI score · 0.00123 EPSS
Exploits: 0 · References: 1
Patchstack
added 2025/03/28 12:52 p.m. · 5 views

WordPress Video Embedder plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery (CSRF) to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Video Embedder versions <= 1.7.1...

7.1 CVSS · 6.1 AI score · 0.00123 EPSS
Exploits: 0 · Affected Software: 1