CVE-2023-51694 WordPress Embed Privacy Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Epiphyt Embed Privacy allows Stored XSS.This issue affects Embed Privacy: from n/a through 1.8.0...

WordPress Embed Privacy Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Embed Privacy Type Plugin Vulnerable versions = 1.8.0 Fixed in 1.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51694 Patch priority Low CVSS severity Low 6.5 Developer Epiphyt PSID 5c950a5a8c2e Credits Ray Wilson Required privilege Contributor...

CVE-2023-48300 Embed Privacy missing escaping for show_all attribute in opt-out shortcode

The Embed Privacy plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via embedprivacyoptout shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attribute...

CVE-2023-48300 Embed Privacy missing escaping for show_all attribute in opt-out shortcode

The Embed Privacy plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via embedprivacyoptout shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attribute...

PT-2023-30768 · WordPress · Embed Privacy

Name of the Vulnerable Software and Affected Versions: Embed Privacy plugin for WordPress versions up to, and including, 1.8.0 Description: The issue is related to Stored Cross-Site Scripting via the embed privacy opt out shortcode due to insufficient input sanitization and output escaping on...