CVE-2025-6692 YouTube Embed <= 10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via instance Parameter
The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘instance’ parameter in all versions up to, and including, 10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2024-1571
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe...
CVE-2021-24464
The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin before 2.3.9 did not escape, validate or sanitise some of its shortcode options, available to users with a role as low as Contributor, leading to an authenticated Stored Cross-Site Scripting issue...
CVE-2025-23513
CVE-2025-23513 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Bible Embed plugin for WordPress that enables Stored XSS. The entry indicates Bible Embed vulnerable from n/a through 0.0.4, with a CVSS v3.1 base score of 7.1 (HIGH) and impact vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I...
CVE-2024-13286
Summary: CVE-2024-13286 affects Drupal SVG Embed and is caused by improper input neutralization during web page generation, enabling cross-site scripting (XSS). Affected software: Drupal SVG Embed modules versions from 0.0.0 up to before 2.1.2. Root cause: Inadequate sanitization of SVG content e...
SVG Embed - Moderately critical - Cross site scripting - SA-CONTRIB-2024-050
This module enables you to embed the content of an SVG file into the body HTML of a node and optionally allows translating text contained within the image. The module doesn't sufficiently sanitize the SVG file before embedding it into the HTML. This vulnerability is mitigated by the fact that an...
GHSA-QCJ6-VXWX-4RQV Decidim vulnerable to data disclosure through the embed feature
Impact If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a Participatory Process, an Assembly, a Proposal, a Result, etc, then some data of this resource could be accessed. Patches version 0.27.6...
WordPress Simply Show Hooks plugin <= 1.2.1 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Simply Show Hooks versions = 1.2.1...
WordPress alfred24 Click & Collect plugin <= 1.1.7 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin alfred24 Click & Collect versions = 1.1.7...
WordPress Pixel Manager for WooCommerce plugin <= 1.43.3 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Pixel Manager for WooCommerce versions = 1.43.3...
WordPress Meal Tracker plugin <= 3.1.6 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Meal Tracker versions = 3.1.6...
WordPress Magic Conversation For Gravity Forms plugin <= 3.0.96 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Magic Conversation For Gravity Forms versions = 3.0.96...
CVE-2023-49837
Uncontrolled Resource Consumption vulnerability in David Artiss Code Embed. This issue affects Code Embed: from n/a through 2.3.6...
actix-lua (=0.2.0), age (>=0.5.0 <=0.6.1) +99 more potentially affected by CVE-2021-45712 via rust-embed (>=0.5.2 <=5.9.0)
rust-embed CARGO version =0.5.2, =0.5.0, =0.0.0, =0.1.0, =0.5.1, =0.1.0, =0.2.0, =0.1.0, =1.0.1, =0.1.0, =1.0.0, =0.1.31, =0.1.36 and more Source cves: CVE-2021-45712 Source advisory: OSV:GHSA-XRG3-HMF3-RVGW...
PT-2021-21265 · Yellowfin · Yellowfin
Name of the Vulnerable Software and Affected Versions: Yellowfin versions prior to 9.6.1 Description: The issue is related to a Stored Cross-Site Scripting vulnerability in the video embed functionality. It can be exploited through a specially crafted HTTP POST request to the page...
phpok latest version: stored XSS.
Brief description: as titled. Detailed description: Saw the new forum feature; the XSS filtering is still not sufficient. Two issues. In the post-publishing area: 1. The regex seems to have a problem; a line break bypasses the detection of onxxx. 2. Test code. Proof of vulnerability: ...