1601 matches found
CVE-2026-2512
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function seccheckpostfields only running on the savepost hook, while WordPress allows custom fields t...
CVE-2026-2512 Code Embed <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function seccheckpostfields only running on the savepost hook, while WordPress allows custom fields t...
CVE-2026-2512 Code Embed <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function seccheckpostfields only running on the savepost hook, while WordPress allows custom fields t...
CVE-2026-2512
The Code Embed plugin for WordPress is vulnerable to Stored Cross‑Site Scripting up to version 2.5.1. The root cause is the sanitization function sec_check_post_fields() only runs on save_post, while custom fields can be added via the wp_ajax_add_meta endpoint without triggering save_post. The ce...
CVE-2026-2512
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function seccheckpostfields only running on the savepost hook, while WordPress allows custom fields t...
PT-2026-26068
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function sec check post fields only running on the save post hook, while WordPress allows custom fiel...
WordPress plugin Code Embed 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
EUVD-2026-11928
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through = 4.4...
EUVD-2026-11835
Server-Side Request Forgery SSRF vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Request Forgery.This issue affects Embed PDF Viewer: from n/a through = 2.4.7...
EUVD-2026-12176
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...
CVE-2026-32717 AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...
CVE-2026-32411
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through = 4.4...
CVE-2026-32349
Server-Side Request Forgery SSRF vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Request Forgery.This issue affects Embed PDF Viewer: from n/a through = 2.4.7...
CVE-2026-32411
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through = 4.4...
CVE-2026-32411 WordPress Embed Calendly plugin <= 4.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through = 4.4...
CVE-2026-32411 WordPress Embed Calendly plugin <= 4.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through = 4.4...
CVE-2026-32411
CVE-2026-32411 affects the WordPress Embed Calendly plugin
CVE-2026-32349
Server-Side Request Forgery SSRF vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Request Forgery.This issue affects Embed PDF Viewer: from n/a through = 2.4.7...
CVE-2026-32349 WordPress Embed PDF Viewer plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Request Forgery.This issue affects Embed PDF Viewer: from n/a through = 2.4.7...
CVE-2026-32349
CVE-2026-32349 describes a Server-Side Request Forgery (SSRF) in the WordPress Embed PDF Viewer plugin (embed-pdf-viewer) up to version 2.4.7. Affected component: embed-pdf-viewer in the plugin; vendor: Andy Fragen. Root cause and exact exploit details are not provided beyond the SSRF nature and ...