16 matches found
CVE-2025-14144
The Mstoic Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'start' parameter of the msyoutubeembeds shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress plugin Mstoic Shortcodes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A cross-site...
PT-2026-1631
Name of the Vulnerable Software and Affected Versions Mstoic Shortcodes plugin for WordPress versions prior to 2.1 Description The Mstoic Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs through the start parameter of the ms youtube embeds shortcode due t...
WordPress 4.2.x < 4.2.13 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...
WordPress 4.1.x < 4.1.16 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...
WordPress 3.7.x < 3.7.19 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...
CVE-2017-6817
In WordPress before 4.7.3 wp-includes/embed.php, there is authenticated Cross-Site Scripting XSS in YouTube URL Embeds...
UBUNTU-CVE-2017-6817
In WordPress before 4.7.3 wp-includes/embed.php, there is authenticated Cross-Site Scripting XSS in YouTube URL Embeds...
DEBIAN-CVE-2017-6817
In WordPress before 4.7.3 wp-includes/embed.php, there is authenticated Cross-Site Scripting XSS in YouTube URL Embeds...
CVE-2017-6817
In WordPress before 4.7.3 wp-includes/embed.php, there is authenticated Cross-Site Scripting XSS in YouTube URL Embeds...
CVE-2017-6817
In WordPress before 4.7.3 wp-includes/embed.php, there is authenticated Cross-Site Scripting XSS in YouTube URL Embeds...
wordpress -- multiple vulnerabilities
WordPress versions 4.7.2 and earlier are affected by six security issues. Cross-site scripting XSS via media file metadata. Control characters can trick redirect URL validation. Unintended files can be deleted by administrators using the plugin deletion functionality. Cross-site scripting XSS via...
WordPress 4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds
Description This can be exploited by unauthenticated users in versions 4.7 and 4.7.1 by leveraging this vulnerability https://wpvulndb.com/vulnerabilities/8734...
WordPress < 4.7.3 Multiple Vulnerabilities
Binary data 9980.prm...
WordPress Multiple Vulnerabilities (Mar 2017) - Windows
WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...
Nextcloud: Version 4.7.2 of wordpress is vulnerable
Hello team, I observed that your website https://nextcloud.com still use wordpress 4.7.2 Version 4.7.2 of wordpress is vulnerable to : Cross-site scripting XSS Control characters can trick redirect URL validation Cross-site scripting XSS via video URL in YouTube embeds Cross-site scripting XSS vi...