28 matches found
CVE-2025-12885
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitizepdfsrc function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...
CVE-2025-12885
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitizepdfsrc function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...
CVE-2025-12885 Embed Any Document <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitizepdfsrc function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...
EUVD-2025-204022
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitizepdfsrc function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...
CVE-2025-12885 Embed Any Document <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitizepdfsrc function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...
CVE-2025-12885
CVE-2025-12885 is a Stored Cross-Site Scripting vulnerability in the WordPress plugin Embed Any Document (Embed PDF, Word, PowerPoint, Excel Files). Affected versions: all up to 2.7.10, per Wordfence; the issue arises from insufficient input sanitization and output escaping in sanitize_pdf_src. E...
PT-2025-51989
Name of the Vulnerable Software and Affected Versions Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress versions through 2.7.10 Description The WordPress Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin contains a Stored Cross-Site...
WordPress plugin Embed Any Document 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Embed Any Document plugin <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Embed Any Document versions = 2.7.10...
EUVD-2025-31299
Malicious code in bioql PyPI...
EUVD-2023-27793
Malicious code in bioql PyPI...
CVE-2025-60099
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in awsm.in Embed Any Document embed-any-document allows Stored XSS.This issue affects Embed Any Document: from n/a through = 2.7.7...
CVE-2025-60099
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in awsm.in Embed Any Document embed-any-document allows Stored XSS.This issue affects Embed Any Document: from n/a through = 2.7.7...
CVE-2025-60099 WordPress Embed Any Document Plugin <= 2.7.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in awsm.in Embed Any Document embed-any-document allows Stored XSS.This issue affects Embed Any Document: from n/a through = 2.7.7...
CVE-2025-60099 WordPress Embed Any Document Plugin <= 2.7.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in awsm.in Embed Any Document embed-any-document allows Stored XSS.This issue affects Embed Any Document: from n/a through = 2.7.7...
CVE-2025-60099
CVE-2025-60099 affects the WordPress plugin Embed Any Document (Embed Any Document) and corresponds to a stored XSS vulnerability. The issue is described as Improper Neutralization of Input During Web Page Generation (XSS) in the plugin, with affected range “from n/a through 2.7.7.” The connected...
PT-2025-39546
Name of the Vulnerable Software and Affected Versions Embed Any Document versions through 2.7.7 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting XSS condition. This allows for Stored XSS attacks. The...
WordPress plugin Embed Any Document 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-23707
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue...
CVE-2025-1043 Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files <= 2.7.5 - Authenticated (Contributor+) Blind Server-Side Request Forgery via embeddoc Shortcode
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.5 via the 'embeddoc' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and...