310 matches found
WordPress Drive Folder Embedder plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via tablecssclass Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via tablecssclass Parameter vulnerability discovered by Gilang in WordPress Plugin Drive Folder Embedder versions <= 1.1.0...
WordPress plugin Drive Folder Embedder cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-26932 · WordPress · Drive Folder Embedder
Name of the Vulnerable Software and Affected Versions: Drive Folder Embedder plugin for WordPress versions up to, and including, 1.1.0. Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers...
PT-2025-26500 · WordPress · 3D Flipbook – Pdf Embedder
Name of the Vulnerable Software and Affected Versions: The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress versions up to, and including, 1.16.15. Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization an...
CVE-2024-29141
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PDF Embedder allows Stored XSS. This issue affects PDF Embedder: from n/a through 4.6.4...
CVE-2024-51795
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fayjur Pdf Embedder Fay pdf-embedder-fay allows DOM-Based XSS. This issue affects Pdf Embedder Fay: from n/a through <= 1.10.1...
CVE-2024-0216
The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating...
CVE-2023-51504
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS. This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2...
CVE-2021-24868
The Document Embedder WordPress plugin before 1.7.9 contains an AJAX action endpoint, which could allow any authenticated user, such as a subscriber, to enumerate the titles of arbitrary private and draft posts...
CVE-2019-19589
The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn't control or manage the file upload...
CVE-2016-10881
The google-document-embedder plugin before 2.6.2 for WordPress has XSS...
CVE-2015-1879
Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php...
CVE-2025-3417
The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxsetglobaloption function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2025-3417 Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update
The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxsetglobaloption function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level acce...
WordPress plugin Embedder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-15923 · WordPress · Embedder
Name of the Vulnerable Software and Affected Versions: Embedder plugin for WordPress versions 1.3 to 1.3.5. Description: The issue allows unauthorized modification of data, leading to privilege escalation due to a missing capability check on the ajax set global option function. This enables...
WordPress Embedder plugin 1.3-1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Embedder versions 1.3-1.3.5...
CVE-2025-31458
Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embedder video-embedder allows Stored XSS. This issue affects Video Embedder: from n/a through <= 1.7.1...
WordPress Video Embedder plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery (CSRF) to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Video Embedder versions <= 1.7.1...