PT-2025-27522 · WordPress · The Dear Flipbook – Pdf Flipbook

Name of the Vulnerable Software and Affected Versions: The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress versions up to, and including, 2.3.65 Description: The issue is related to DOM-Based Reflected Cross-Site Scripting due to insufficient input sanitizati...

Allocation of Resources Without Limits or Throttling

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via HTTP/2 multiplexing feature. an attacker can trigger resource exhaustion by creating excessive HTTP/2...

The vulnerability of Mozilla Firefox and Firefox ESR browsers relates to improper encoding or filtering of output data. This allows attackers to bypass existing security restrictions and redirect users to another website.

The vulnerability of Mozilla Firefox and Firefox ESR browsers is related to improper encoding or evasion of output data during the processing of the embed tag. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and redirect users to another website...

CVE-2025-53313

Cross-Site Request Forgery CSRF vulnerability in plumwd Twitch TV Embed Suite twitch-tv-embed-suite allows Stored XSS.This issue affects Twitch TV Embed Suite: from n/a through = 2.1.0...

CVE-2025-53313

Cross-Site Request Forgery CSRF vulnerability in plumwd Twitch TV Embed Suite twitch-tv-embed-suite allows Stored XSS.This issue affects Twitch TV Embed Suite: from n/a through = 2.1.0...

CVE-2025-53313 WordPress Twitch TV Embed Suite plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in plumwd Twitch TV Embed Suite allows Stored XSS. This issue affects Twitch TV Embed Suite: from n/a through 2.1.0...

CVE-2025-53313

CVE-2025-53313 describes a CSRF vulnerability in the Twitch TV Embed Suite WordPress plugin that enables stored XSS. Affected software: Twitch TV Embed Suite (plugin) versions n/a through 2.1.0. Root cause: Cross-Site Request Forgery leading to stored XSS. Public details in the connected sources ...

CVE-2025-53313 WordPress Twitch TV Embed Suite plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in plumwd Twitch TV Embed Suite twitch-tv-embed-suite allows Stored XSS.This issue affects Twitch TV Embed Suite: from n/a through = 2.1.0...

WordPress plugin Twitch TV Embed Suite 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site request forgery...

WordPress CodePen Embed Block plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress CodePen Embed Block plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

CKEditor5 Youtube - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-081

The CKEditor5 Youtube module enhances content creation in Drupal by seamlessly integrating YouTube video embedding into the CKEditor 5 text editor. The module doesn't sufficiently validate iframe sources under the scenario where a user embeds a video using the CKEditor YouTube integration leading...

SUSE CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in Firefox 140, Firefox E...

SUSE CVE-2025-6430

When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a embed or object tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12,...

CVE-2025-6429

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...

CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in Firefox 140, Firefox E...

CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox 140, Firefox ESR...

DEBIAN-CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in Firefox 140, Firefox E...

CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox 140, Firefox ESR...

DEBIAN-CVE-2025-6430

When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a embed or object tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12,...

CVE-2025-6430

When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a embed or object tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox 140, Firefox ESR 128.12, Thunderbi...