CVE-2025-23922

CVE-2025-23922 concerns the WordPress iSpring Embedder plugin

CVE-2025-23922 WordPress iSpring Embedder plugin <= 1.0 - CSRF to Arbitrary File Upload vulnerability

Cross-Site Request Forgery CSRF vulnerability in Harsh iSpring Embedder embed-ispring allows Upload a Web Shell to a Web Server.This issue affects iSpring Embedder: from n/a through = 1.0...

CVE-2025-23871 WordPress LSD Google Maps Embedder plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Bas Matthee LSD Google Maps Embedder lsd-google-maps-embedder allows Cross Site Request Forgery.This issue affects LSD Google Maps Embedder: from n/a through = 1.1...

CVE-2025-23871

CVE-2025-23871 is a CSRF vulnerability in the LSD Google Maps Embedder. Public description indicates it affects versions up to 1.1, but the connected Red Hat entry only reiterates the CSRF issue without listing an available patch or fixed version. No exploits, mitigation steps, or precise remedia...

WordPress iSpring Embedder plugin <= 1.0 - CSRF to Arbitrary File Upload vulnerability

CSRF to Arbitrary File Upload vulnerability discovered by Colin Xu in WordPress Plugin iSpring Embedder versions = 1.0...

WordPress LSD Google Maps Embedder plugin <= 1.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin LSD Google Maps Embedder versions = 1.1...

WordPress plugin iSpring Embedder 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site reques...

WordPress Shine PDF Embeder plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Shine PDF Embeder versions = 1.0...

CVE-2024-51795

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fayjur Pdf Embedder Fay pdf-embedder-fay allows DOM-Based XSS.This issue affects Pdf Embedder Fay: from n/a through = 1.10.1...

CVE-2024-51795 WordPress Pdf Embedder Fay plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fayjur Pdf Embedder Fay pdf-embedder-fay allows DOM-Based XSS.This issue affects Pdf Embedder Fay: from n/a through = 1.10.1...

CVE-2024-51795

CVE-2024-51795: WordPress plugin ByteLabX Pdf Embedder Fay is affected (versions up to 1.10.1). The issue is a DOM-Based XSS caused by improper input neutralization during web page generation. Impact is DOM-based script execution in affected pages. The record notes a fix, but the exact patched ve...

CVE-2024-51795 WordPress Pdf Embedder Fay plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ByteLabX Pdf Embedder Fay allows DOM-Based XSS.This issue affects Pdf Embedder Fay: from n/a through 1.10.1...

WordPress plugin Pdf Embedder Fay 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

PT-2024-34922 · Bytelabx · Bytelabx Pdf Embedder Fay

Name of the Vulnerable Software and Affected Versions: ByteLabX Pdf Embedder Fay versions 1.10.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This means that an attacker ca...

CVE-2024-9849

The Real3D Flipbook Lite – 3D FlipBook, PDF Viewer, PDF Embedder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'r3dfbsavethumbnailcallback' function in all versions up to, and including, 4.8. This makes it possible for authenticated...

CVE-2024-9849

CVE-2024-9849 (Real 3D FlipBook Lite – 3D FlipBook, PDF Viewer, PDF Embedder): The vulnerability is an authenticated arbitrary-file-upload flaw caused by missing file-type validation in the r3dfb_save_thumbnail_callback, affecting all versions up to 4.6. An Author+ level attacker can upload arbit...

WordPress Pdf Embedder Fay plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Pdf Embedder Fay versions = 1.10.1...

WordPress Pdf Embedder Fay Plugin <= 1.10.1 is vulnerable to Cross Site Scripting (XSS)

Software Pdf Embedder Fay Type Plugin Vulnerable versions = 1.10.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51795 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4a58f6ce2474 Credits SOPROBRO Required privilege Contributo...

WordPress PDF Embedder plugin <= 4.7.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by m3ez Patchstack Alliance in WordPress Plugin PDF Embedder versions = 4.7.1...

WordPress PDF Embedder Plugin <= 4.7.1 is vulnerable to Cross Site Scripting (XSS)

Software PDF Embedder Type Plugin Vulnerable versions = 4.7.1 Fixed in 4.8.0 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7794a505b744 Credits m3ez Required...