18 matches found
CVE-2026-6813 Continually <= 4.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'continually_embed_code' Parameter
The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2025-14941
The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. This is due to missing capability checks on multiple AJAX handlers combined with insufficient input sanitization and output escaping on the...
CVE-2025-14941
The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. This is due to missing capability checks on multiple AJAX handlers combined with insufficient input sanitization and output escaping on the...
CVE-2025-14941 GZSEO <= 2.0.11 - Authenticated (Contributor+) Authorization Bypass to Stored Cross-Site Scripting
The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. This is due to missing capability checks on multiple AJAX handlers combined with insufficient input sanitization and output escaping on the...
PT-2026-4574
The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. This is due to missing capability checks on multiple AJAX handlers combined with insufficient input sanitization and output escaping on the emb...
CVE-2025-64729
The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...
CVE-2025-64729
The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...
CVE-2025-64729
The CVE-2025-64729 entry concerns AVEVA Process Optimization. Affected software: Process Optimization with user-authenticated access (OS Standard User). The documented vulnerability allows an authenticated attacker to tamper with Process Optimization project files, embed code, and escalate privil...
AVEVA Process Optimization security vulnerabilities
AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a security vulnerability. This vulnerability arises because authenticated attackers can manipulate the Process Optimization project files and embed code,...
PT-2026-3196
Name of the Vulnerable Software and Affected Versions: Process Optimization (affected versions not specified). Description: An authenticated attacker with standard user privileges can modify Process Optimization project files, insert code, and potentially gain the privileges of a user who interacts wi...
CVE-2023-49837
A vulnerability in David Artiss Code Embed simple-embed-code. This issue affects Code Embed: from n/a through <= 2.3.6...
CVE-2023-49837 WordPress embed-code plugin <= 2.3.6 - Denial of Service Attack vulnerability
A vulnerability in David Artiss Code Embed simple-embed-code. This issue affects Code Embed: from n/a through <= 2.3.6...
CVE-2021-24621
The CVE-2021-24621 entry concerns the WP Courses LMS WordPress plugin (versions before 2.0.44). The vulnerability is due to inadequate sanitisation of the Video Embed Code, allowing an authenticated high-privilege user to inject malicious code, leading to Stored Cross-Site Scripting. Affected com...
CVE-2021-24621 WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code
The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfiltered_html capability is disallowed, which could lead to Stored Cross-Site Scripting issues...
WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code
The plugin does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfiltered_html capability is disallowed, which could lead to Stored Cross-Site Scripting issues. PoC: 1. On the dashboard, navigate to WP Courses Courses Add New...
Jetpack 5.1-7.9 - Vulnerability in Shortcode Embed Code
The Jetpack – WP Security, Backup, Speed, & Growth WordPress plugin was affected by a security vulnerability in Shortcode Embed Code...
NASA Orion (Mars) Filter Bypass / Persistent Cross Site Scripting
Document Title: NASA Orion - Bypass, Persistent Issue & Embed Code Execution Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1339 VU666988 US CERT Vulnerability Magazine:...
NASA Orion - Bypass, Persistent Issue & Embed Code Exec
Document Title: NASA Orion - Bypass, Persistent Issue & Embed Code Exec. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1339 VU666988 US CERT Vulnerability Magazine:...