28 matches found
CVE-2025-12885
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitizepdfsrc function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...
CVE-2025-12885
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitizepdfsrc function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...
CVE-2025-12885
CVE-2025-12885 is a Stored Cross-Site Scripting vulnerability in the WordPress plugin Embed Any Document (Embed PDF, Word, PowerPoint, Excel Files). Affected versions: all up to 2.7.10, per Wordfence; the issue arises from insufficient input sanitization and output escaping in sanitize_pdf_src. E...
CVE-2025-12885 Embed Any Document <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitizepdfsrc function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...
CVE-2025-12885 Embed Any Document <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitizepdfsrc function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...
EUVD-2025-204022
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitizepdfsrc function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...
WordPress plugin Embed Any Document 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-51989
Name of the Vulnerable Software and Affected Versions Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress versions through 2.7.10 Description The WordPress Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin contains a Stored Cross-Site...
WordPress Embed Any Document plugin <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Embed Any Document versions = 2.7.10...
EUVD-2023-27793
Malicious code in bioql PyPI...
EUVD-2025-31299
Malicious code in bioql PyPI...
CVE-2025-60099
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in awsm.in Embed Any Document embed-any-document allows Stored XSS.This issue affects Embed Any Document: from n/a through = 2.7.7...
CVE-2025-60099
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in awsm.in Embed Any Document embed-any-document allows Stored XSS.This issue affects Embed Any Document: from n/a through = 2.7.7...
CVE-2025-60099 WordPress Embed Any Document Plugin <= 2.7.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in awsm.in Embed Any Document embed-any-document allows Stored XSS.This issue affects Embed Any Document: from n/a through = 2.7.7...
CVE-2025-60099
CVE-2025-60099 affects the WordPress plugin Embed Any Document (Embed Any Document) and corresponds to a stored XSS vulnerability. The issue is described as Improper Neutralization of Input During Web Page Generation (XSS) in the plugin, with affected range “from n/a through 2.7.7.” The connected...
CVE-2025-60099 WordPress Embed Any Document Plugin <= 2.7.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in awsm.in Embed Any Document embed-any-document allows Stored XSS.This issue affects Embed Any Document: from n/a through = 2.7.7...
PT-2025-39546
Name of the Vulnerable Software and Affected Versions Embed Any Document versions through 2.7.7 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting XSS condition. This allows for Stored XSS attacks. The...
WordPress plugin Embed Any Document 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-23707
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue...
CVE-2025-1043 Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files <= 2.7.5 - Authenticated (Contributor+) Blind Server-Side Request Forgery via embeddoc Shortcode
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.5 via the 'embeddoc' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and...