1601 matches found
CVE-2026-32349 WordPress Embed PDF Viewer plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Request Forgery.This issue affects Embed PDF Viewer: from n/a through = 2.4.7...
PT-2026-25257
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through = 4.4...
WordPress plugin Embed PDF Viewer 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
WordPress plugin Embed Calendly 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
PT-2026-25196
CVE-2026-32349 Server-Side Request Forgery SSRF vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Request Forgery.This issue affects Embed PDF View… https://t.co/K6h8gjh2hi...
CVE-2026-31876
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to 3.3.9, a Stored Cross-Site Scripting XSS vulnerability existed in Notesnook's editor embed component when rendering Twitter/X embed URLs. The tweetToEmbed function in component.tsx interpolated the user-supplied URL...
CVE-2026-31876 Notesnook has Stored XSS via unsanitized Twitter/X embed URL in editor (`tweetToEmbed`)
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to 3.3.9, a Stored Cross-Site Scripting XSS vulnerability existed in Notesnook's editor embed component when rendering Twitter/X embed URLs. The tweetToEmbed function in component.tsx interpolated the user-supplied URL...
CVE-2026-31876 Notesnook has Stored XSS via unsanitized Twitter/X embed URL in editor (`tweetToEmbed`)
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to 3.3.9, a Stored Cross-Site Scripting XSS vulnerability existed in Notesnook's editor embed component when rendering Twitter/X embed URLs. The tweetToEmbed function in component.tsx interpolated the user-supplied URL...
CVE-2026-31876 Notesnook has Stored XSS via unsanitized Twitter/X embed URL in editor (`tweetToEmbed`)
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to 3.3.9, a Stored Cross-Site Scripting XSS vulnerability existed in Notesnook's editor embed component when rendering Twitter/X embed URLs. The tweetToEmbed function in component.tsx interpolated the user-supplied URL...
PT-2026-24783
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to 3.3.9, a Stored Cross-Site Scripting XSS vulnerability existed in Notesnook's editor embed component when rendering Twitter/X embed URLs. The tweetToEmbed function in component.tsx interpolated the user-supplied URL...
CVE-2026-1823
The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2026-10133
The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-1823
The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-1823
CVE-2026-1823 (Consensus Embed plugin, WordPress) is a stored XSS vulnerability affecting all versions up to 1.6, caused by insufficient input sanitization and output escaping on attributes used by the plugin’s consensus shortcode. The CVE description specifies that exploitation requires authenti...
CVE-2026-1823 Consensus Embed <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute
The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-1823 Consensus Embed <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute
The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-1823
The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Consensus Embed plugin <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Consensus Embed versions = 1.6...
PT-2026-23843
The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin Consensus Embed 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...