310 matches found
WordPress Simple Video Embedder plugin <= 2.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by thiennv (Patchstack Alliance) in WordPress Simple Video Embedder plugin versions <= 2.2. Solution: Deactivate and delete. This plugin has been closed as of November 8, 2022 and is not available for download. This closure is temporary,...
CVE-2022-1231
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop...
Format string
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop...
UBUNTU-CVE-2022-1231
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop...
CVE-2022-1231
CVE-2022-1231 concerns XSS via Embedded SVG in the SVG Diagram Format in the PlantUML project (plantuml/plantuml) prior to version 1.2022.4. The vulnerability is described as a stored XSS in the diagram embedder, with impact ranging from secret leakage to account hijacking and, in some contexts, ...
CVE-2022-1231 XSS via Embedded SVG in SVG Diagram Format in plantuml/plantuml
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop...
WordPress Document Embedder plugin title enumeration vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. Document Embedder WordPress plugin prior to version 1.7.9 is vulnerable to a title enumeration vulnerability, which stems from the fact that the plugin includes an AJAX operation endpoint that can be...
CVE-2021-24868
The Document Embedder WordPress plugin before 1.7.9 contains an AJAX action endpoint, which could allow any authenticated user, such as a subscriber, to enumerate the title of arbitrary private and draft posts...
CVE-2021-24775
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...
Design/Logic Flaw
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...
CVE-2021-24868
The CVE-2021-24868 entry concerns the WordPress Document Embedder plugin prior to 1.7.9. Affected component is the plugin’s AJAX action endpoint, which can be accessed by any authenticated user (e.g., a subscriber) to enumerate the titles of private and draft posts. The root cause is an informati...
CVE-2021-24775
The Document Embedder WordPress plugin (prior to version 1.7.5) exposes a REST endpoint that allows unauthenticated users to enumerate the titles of private and draft posts. • Affected product: WordPress Document Embedder plugin. • Vulnerable component: REST endpoint implementation (information d...
CVE-2021-24775 Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...
WordPress security vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. Document Embedder WordPress plugin prior to version 1.7.9 is vulnerable to a title enumeration vulnerability, which stems from the fact that the plugin includes an AJAX operation endpoint that can be...
WordPress security vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an application plugin for WordPress. WordPress Document Embedder plugin versions prior to 1.7.5 contain an information disclosure vulnerability that could be exploited to all...
WordPress Document Embedder plugin <= 1.7.4 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure vulnerability
Unauthenticated Arbitrary Private/Draft Post Title Disclosure vulnerability discovered by apple502j in WordPress Document Embedder plugin versions <= 1.7.4. Solution: Update the WordPress Document Embedder plugin to the latest available version (at least 1.7.5)...
Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure
The plugin contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. https://example.com/wp-json/doc/v1/single/509 509 being the ID of a private/draft Post...
Document Embedder < 1.7.9 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure
The plugin contains an AJAX action endpoint, which could allow any authenticated user, such as a subscriber, to enumerate the title of arbitrary private and draft posts. As any authenticated user 1764 being the ID of a private/draft post...
WordPress Document Embedder plugin <= 1.7.6 - Arbitrary Private/Draft Post Title Disclosure vulnerability
Arbitrary Private/Draft Post Title Disclosure vulnerability discovered by apple502j in WordPress Document Embedder plugin versions <= 1.7.6. Solution: Update the WordPress Document Embedder plugin to the latest available version (at least 1.7.8)...
CVE-2019-19589
The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn't control or manage the file upload...