93 matches found
PT-2025-1686 · WordPress · App Embed
Name of the Vulnerable Software and Affected Versions: App Embed plugin for WordPress versions up to and including 2.3.2. Description: The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'appizy'...
CVE-2024-11774
CVE-2024-11774 affects the Outdooractive Embed WordPress plugin. The vulnerability is a Stored XSS in the list2go shortcode, exploitable by authenticated users with Contributor+ privileges to inject scripts on pages viewed by others. Affected: Outdooractive Embed, versions up to and including 1.5...
WordPress Outdooractive Embed plugin <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Outdooractive Embed versions <= 1.5...
CVE-2024-10814
Technical details about CVE-2024-10814 are not provided in the supplied documents. Monitor official advisories for updates on affected products, impact, and fixes.
WordPress plugin Code Embed code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
WordPress Code Embed plugin <= 2.5 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability
Authenticated (Contributor+) Server-Side Request Forgery vulnerability discovered by Max Boll b0lli in WordPress Plugin Code Embed versions <= 2.5...
WordPress Code Embed Plugin <= 2.5 is vulnerable to Server Side Request Forgery (SSRF)
Software: Code Embed; Type: Plugin; Vulnerable versions: <= 2.5; Fixed in: 2.5.1; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-10814; Patch priority: Low; CVSS severity: Low 6.4; PSID: 4cf23fa82f5e; Credits: Max Boll b0lli; Required privilege...
CVE-2024-8804
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with...
WordPress plugin Code Embed cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2024-45613
CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code...
CVE-2024-45613 CKEditor 5 has Cross-site Scripting vulnerability in the clipboard package
CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code...
WordPress Wonder PDF Embed plugin <= 2.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin Wonder PDF Embed versions <= 2.7...
WordPress Sketchfab Embed Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)
Software: Sketchfab Embed; Type: Plugin; Vulnerable versions: <= 1.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37216; Patch priority: Low; CVSS severity: Low 6.5; PSID: df405e37366c; Credits: LVT-tholv2k; Required privilege: Contributor...
PT-2024-36413 · WordPress · Responsive Video Embed
Name of the Vulnerable Software and Affected Versions: Responsive video embed WordPress plugin versions prior to 0.5.1. Description: The issue is related to the lack of validation and escaping of some shortcode attributes in the Responsive video embed WordPress plugin. This could allow users with...
Cross site scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suresh KUMAR Mukhiya Anywhere Flash Embed plugin <= 1.0.5 versions...
CVE-2023-47811
CVE-2023-47811 concerns the Anywhere Flash Embed WordPress plugin (
CVE-2023-47811 WordPress Anywhere Flash Embed Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suresh KUMAR Mukhiya Anywhere Flash Embed plugin <= 1.0.5 versions...
CVE-2023-28439
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger JavaScript code after fulfilling special conditions: using one of the affected packages ...
GHSA-HG2P-2CVQ-4PPV Cross-site scripting in lazysizes
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...
Cross-site scripting in lazysizes
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...