1601 matches found
CVE-2025-68565
Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Twitch Player: from n/a through <= 2.1.3...
CVE-2025-68599
CVE-2025-68599 affects the WordPress plugin Embeds for YouTube (youtube-embed) with a Stored XSS in the YouTube Embed feature. Public data indicates an Improper Neutralization of Input During Web Page Generation (XSS) and a CVSS v3.1 base score of 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Connec...
CVE-2025-68599 WordPress YouTube Embed plugin <= 5.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS. This issue affects YouTube Embed: from n/a through <= 5.4...
CVE-2025-68565
CVE-2025-68565 involves a Missing Authorization flaw in the Twitch Player WordPress plugin (ttv-easy-embed-player). The Wordfence report lists Twitch Player as affected, specifying vulnerability class as Missing Authorization and referencing the plugin’s Twitch Player entry, with affected range i...
PT-2025-53287
Name of the Vulnerable Software and Affected Versions: Embeds For YouTube Plugin Support YouTube Embed versions through 5.4. Description: The YouTube Embed plugin contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting (XSS) condition. This allo...
WordPress plugin YouTube Embed security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
PT-2025-53253
Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Twitch Player: from n/a through <= 2.1.3...
WordPress YouTube Embed plugin <= 5.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin YouTube Embed (versions <= 5.4)...
CVE-2025-13754
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.16. This is due to the plugin exposing its admin embed endpoint at /wp-json/ssa/v1/embed-inner-admin without...
DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server
This High severity DoS (Denial of Service) vulnerability was introduced in versions 8.19.0 and 9.4.0 of Bitbucket Data Center and Server. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5, allows an attacker to perform actions to degrade service, which has no impact to...
CVE-2025-13754 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.16 - Missing Authorization to Unauthenticated Sensitive Information Exposure
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.16. This is due to the plugin exposing its admin embed endpoint at /wp-json/ssa/v1/embed-inner-admin without...
CVE-2025-13754
The CVE-2025-13754 entry affects the WordPress plugin Simply Schedule Appointments (Appointment Booking Calendar) up to version 1.6.9.16. Root cause is unauthenticated access to the admin embed endpoint /wp-json/ssa/v1/embed-inner-admin, causing leakage of private configuration data (staff names,...
CVE-2025-12885
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitize_pdf_src function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...
CVE-2025-12885
CVE-2025-12885 is a Stored Cross-Site Scripting vulnerability in the WordPress plugin Embed Any Document (Embed PDF, Word, PowerPoint, Excel Files). Affected versions: all up to 2.7.10, per Wordfence; the issue arises from insufficient input sanitization and output escaping in sanitize_pdf_src. E...
CVE-2025-12885 Embed Any Document <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitize_pdf_src function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...
EUVD-2025-204022
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitize_pdf_src function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...