1612 matches found
WordPress plugin Advanced Sermons cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
DRUPAL-CONTRIB-2024-037
Open Social is a Drupal distribution for online communities, which ships with an optional module called Social Embed. This module allows a website to display embedded content such as photos or videos when a user posts a link to that resource, without having to parse the resource directly. Added...
Open Social - Moderately critical - Cross Site Scripting, Denial of Service - SA-CONTRIB-2024-037
Open Social is a Drupal distribution for online communities, which ships with an optional module called Social Embed. This module allows a website to display embedded content such as photos or videos when a user posts a link to that resource, without having to parse the resource directly. Added...
WordPress WooCommerce Multiple Customer Addresses & Shipping plugin < 24.9 - Vulnerable ACF Pro plugin Embed vulnerability
Vulnerable ACF Pro plugin Embed vulnerability discovered by ? in WordPress Plugin WooCommerce Multiple Customer Addresses & Shipping versions 24.9...
CVE-2024-37221
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Michael Bester Kimili Flash Embed allows Stored XSS. This issue affects Kimili Flash Embed: from n/a through 2.5.3...
CVE-2024-37216
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Rami Yushuvaev Sketchfab Embed allows Stored XSS. This issue affects Sketchfab Embed: from n/a through 1.5...
CVE-2024-37216 WordPress Sketchfab Embed plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Rami Yushuvaev Sketchfab Embed allows Stored XSS. This issue affects Sketchfab Embed: from n/a through 1.5...
CVE-2024-37216
CVE-2024-37216 describes a Stored XSS in the WordPress Sketchfab Embed plugin (vulnerable: plugin versions from n/a through 1.5) caused by improper input neutralization during web page generation. The primary sources identify the affected component as Sketchfab Embed and the root cause as imprope...
CVE-2024-37221 WordPress Kimili Flash Embed plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Michael Bester Kimili Flash Embed allows Stored XSS. This issue affects Kimili Flash Embed: from n/a through 2.5.3...
CVE-2024-37221
CVE-2024-37221 is a stored XSS vulnerability in the Kimili Flash Embed WordPress plugin. Public description: Improper Neutralization of Input During Web Page Generation (XSS) allowing stored XSS, affecting Kimili Flash Embed versions from n/a through 2.5.3. Connected documents identify the vulner...
PT-2024-27390 · Unknown · Kimili Flash Embed
Name of the Vulnerable Software and Affected Versions: Kimili Flash Embed versions 2.5.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For...
GHSA-H3PQ-667X-R789 Plate media plugins has a XSS in media embed element when using custom URL parsers
Impact Editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook may be vulnerable to XSS if a custom parser allows javascript:, data: or vbscript: URLs to be embedded. Editors that do not use urlParsers and instead consume the url property directly may also be...
CVE-2024-40631 Cross-site Scripting (XSS) in media embed element when using custom URL parsers in plate media
Plate media is an open source, rich-text editor for React. Editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook may be vulnerable to XSS if a custom parser allows javascript:, data: or vbscript: URLs to be embedded. Editors that do not use urlParsers and consume...
WordPress Insert or Embed Articulate Content into WordPress plugin < 4.3000000024 - Author+ Arbitrary File Upload vulnerability
Author+ Arbitrary File Upload vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Insert or Embed Articulate Content into WordPress versions 4.3000000024...
WordPress Embed Peertube Playlist plugin < 1.10 - Editor+ Stored XSS vulnerability
Editor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Embed Peertube Playlist versions 1.10...
Plate Security Breach
Plate is a plugin system for Ziad Beyens individual developers to make it easier to build fully functional editors. Plate has a security vulnerability that stems from when the editor uses the MediaEmbedElement component and passes custom urlParsers via the useMediaState hook, if the custom parser...
WordPress plugin Embed Peertube Playlist security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...