CVE-2026-2512

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function seccheckpostfields only running on the savepost hook, while WordPress allows custom fields t...

WordPress Code Embed plugin <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Fields vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Code Embed versions = 2.5.1...

CVE-2026-2512

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function seccheckpostfields only running on the savepost hook, while WordPress allows custom fields t...

CVE-2026-2512 Code Embed <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function seccheckpostfields only running on the savepost hook, while WordPress allows custom fields t...

CVE-2026-2512

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function seccheckpostfields only running on the savepost hook, while WordPress allows custom fields t...

CVE-2026-2512 Code Embed <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function seccheckpostfields only running on the savepost hook, while WordPress allows custom fields t...

CVE-2026-2512

The Code Embed plugin for WordPress is vulnerable to Stored Cross‑Site Scripting up to version 2.5.1. The root cause is the sanitization function sec_check_post_fields() only runs on save_post, while custom fields can be added via the wp_ajax_add_meta endpoint without triggering save_post. The ce...

PT-2026-26068

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function sec check post fields only running on the save post hook, while WordPress allows custom fiel...

WordPress plugin Code Embed 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

CVE-2023-49837

Uncontrolled Resource Consumption vulnerability in David Artiss Code Embed.This issue affects Code Embed: from n/a through 2.3.6...

EUVD-2023-53745

Malicious code in bioql PyPI...

EUVD-2024-33314

Malicious code in bioql PyPI...

CVE-2024-8804

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with...

CVE-2024-10814

The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the cegetfile function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originati...

CVE-2024-10814

The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the cegetfile function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originati...

CVE-2024-10814

Technical details about CVE-2024-10814 are not provided in the supplied documents. Monitor official advisories for updates on affected products, impact, and fixes.

CVE-2024-10814 Code Embed <= 2.5 - Authenticated (Contributor+) Server-Side Request Forgery

The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the cegetfile function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originati...

WordPress plugin Code Embed 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

WordPress Code Embed plugin <= 2.5 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability

Authenticated Contributor+ Server-Side Request Forgery vulnerability discovered by Max Boll b0lli in WordPress Plugin Code Embed versions = 2.5...

WordPress Code Embed Plugin <= 2.5 is vulnerable to Server Side Request Forgery (SSRF)

Software Code Embed Type Plugin Vulnerable versions = 2.5 Fixed in 2.5.1 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-10814 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 4cf23fa82f5e Credits Max Boll b0lli Required privilege...