
1601 matches found

Vulnrichment
added 2025/11/19 5:45 a.m. | 7 views

CVE-2025-13054 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppb-embed shortcode in all versions up to, and including, 3.14.8 due to insufficient input sanitization and output...

CVSS 6.4 | AI score 4.7 | EPSS 0.00162
Exploits: 0 | References: 2
CVE
added 2025/11/19 5:45 a.m. | 14 views

CVE-2025-13054

CVE-2025-13054 affects the WordPress plugin “User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor” up to version 3.14.8. The vulnerability is a Stored Cross-Site Scripting (XSS) via the wppb-embed shortcode, caused by insufficient input sanitization and outpu...

CVSS 6.4 | AI score 4.7 | EPSS 0.00162
Exploits: 0 | References: 2
Cvelist
added 2025/11/19 5:45 a.m. | 11 views

CVE-2025-13054 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppb-embed shortcode in all versions up to, and including, 3.14.8 due to insufficient input sanitization and output...

CVSS 6.4 | EPSS 0.00162
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/19 12:0 a.m. | 6 views

PT-2025-47437

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppb-embed shortcode in all versions up to, and including, 3.14.8 due to insufficient input sanitization and output...

CVSS 6.4 | AI score 5 | EPSS 0.00162
Exploits: 0 | References: 3
CNNVD
added 2025/11/19 12:0 a.m. | 2 views

WordPress plugin User Profile Builder cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 | AI score 5.9 | EPSS 0.00162
Exploits: 0 | References: 3
Snyk
added 2025/11/17 1:25 a.m. | 1 view

Malicious Package

Overview signals-embed is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
EUVD
added 2025/11/17 1:25 a.m. | 4 views

EUVD-2025-197740

Malicious code in signals-embed npm...

AI score 6.6
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/11/17 1:25 a.m. | 6 views

Malicious code in signals-embed (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83d5dc4270646b6f83ba4c0f5f334ec8a5cedd7b16888c9b51a7b3159ddd32ce The package signals-embed was found to contain malicious code. Source: ghsa-malware 9a80ff00c3aa6ab32518f57107ea588aa2da22e76d6db9823783032b89ca146f...

AI score 6.9
Exploits: 0 | References: 1
vulnersOsv
added 2025/11/13 8:43 p.m. | 2 views

org.webjars.npm:vega-embed (=6.21.0) potentially affected by CVE-2025-59840 via org.webjars.npm:vega-interpreter (=1.0.4)

org.webjars.npm:vega-interpreter MAVEN version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vega-interpreter and may be impacted: - org.webjars.npm:vega-embed =6.21.0 Source cves: CVE-2025-59840 Source advisory:...

CVSS 8.1 | AI score 6 | EPSS 0.00334
Exploits: 0
Veracode
added 2025/11/06 5:33 p.m. | 6 views

Cross-site Scripting (XSS)

starcitizenwiki/embedvideo is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper restriction of HTML attributes in the video embedding functionality, which allows an attacker to inject and execute arbitrary web scripts through crafted wikitext...

CVSS 8.6 | AI score 6.8 | EPSS 0.00282
Exploits: 1 | References: 6 | Affected Software: 1
Fedora
added 2025/11/05 2:12 a.m. | 5 views

[SECURITY] Fedora 43 Update: python-inline-snapshot-0.30.1-1.fc43

Golden master/snapshot/approval testing library which puts the values right into your source code...

CVSS 8.1 | AI score 7.1 | EPSS 0.00688
Exploits: 1
RedhatCVE
added 2025/11/01 2:20 p.m. | 4 views

CVE-2025-64387

The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login...

CVSS 5.1 | AI score 6.9 | EPSS 0.00322
Exploits: 0 | References: 1
AstraLinux
added 2025/11/01 10:54 a.m. | 5 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVSS 8.1 | AI score 7.4 | EPSS 0.00293
Exploits: 0 | References: 3
AstraLinux
added 2025/11/01 10:54 a.m. | 4 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Firefox may have incorrectly parsed a URL and reverted it to the youtube.com domain during parsing of the URL specified in an embed tag. This could have bypassed website security checks that restrict which domains users are allowed to embed. This vulnerability was fixed in Firefox 140, Firefox ES...

CVSS 6.5 | AI score 6.6 | EPSS 0.00285
Exploits: 0 | References: 4
Snyk
added 2025/10/27 6:31 p.m. | 15 views

Relative Path Traversal

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Relative Path Traversal via the URL normalization. An attacker can bypass security constraints and access restricted directories such as /WEB-INF/ and /META-INF/...

CVSS 7.7 | AI score 9.1 | EPSS 0.73974
Exploits: 4 | References: 2
Snyk
added 2025/10/27 5:30 p.m. | 2 views

Improper Resource Shutdown or Release

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to the delayed cleaning of multipart upload temporary files. An attacker can cause a denial-of-service by sending craft...

CVSS 6 | AI score 7.1 | EPSS 0.01005
Exploits: 0 | References: 2
RedhatCVE
added 2025/10/23 9:13 a.m. | 9 views

CVE-2025-11811

The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedyoutube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...

CVSS 6.4 | AI score 5 | EPSS 0.00211
Exploits: 0 | References: 1
NVD
added 2025/10/22 9:15 a.m. | 1 view

CVE-2025-11811

The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedyoutube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...

CVSS 6.4 | EPSS 0.00211
Exploits: 0 | References: 3
CVE
added 2025/10/22 8:27 a.m. | 13 views

CVE-2025-11811

CVE-2025-11811 covers the WordPress plugin Simple Youtube Shortcode. The vulnerability is a Stored XSS in the shortcode param embed_youtube, caused by insufficient input sanitization and output escaping on the id attribute in versions up to and including 1.1.3. An attacker with contributor+ priv...

CVSS 6.4 | AI score 4.7 | EPSS 0.00211
Exploits: 0 | References: 3
Cvelist
added 2025/10/22 8:27 a.m. | 6 views

CVE-2025-11811 Simple Youtube Shortcode <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedyoutube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...

CVSS 6.4 | EPSS 0.00211
Exploits: 0 | References: 3