1602 matches found
CVE-2025-47642 WordPress Ajar in5 Embed plugin <= 3.1.5 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through = 3.1.5...
CVE-2025-47642
CVE-2025-47642 affects WordPress plugin Ajar in5 Embed up to version 3.1.5, with an Unrestricted Upload of File with Dangerous Type vulnerability that allows an attacker to upload a Web Shell to the web server. Technical details across connected sources confirm the affected software (Ajar in5 Emb...
CVE-2025-23890
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tom Ewer Easy Tweet Embed easy-tweet-embed allows DOM-Based XSS.This issue affects Easy Tweet Embed: from n/a through = 1.7...
CVE-2025-23841
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in foo123 Top Flash Embed top-flash-embed allows Stored XSS.This issue affects Top Flash Embed: from n/a through = 0.3.4...
CVE-2025-22554
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fdfranklin06 Video Embed Optimizer video-embed-optimizer allows Stored XSS.This issue affects Video Embed Optimizer: from n/a through = 1.0.0...
CVE-2025-24595
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins All Embed – Elementor Addons all-embed-addons-for-elementor allows Stored XSS.This issue affects All Embed – Elementor Addons: from n/a through = 1.1.3...
CVE-2024-32092
Cross-Site Request Forgery CSRF vulnerability in Michael Bester Kimili Flash Embed.This issue affects Kimili Flash Embed: from n/a through 2.5.3...
CVE-2024-1571
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe...
CVE-2024-5475
The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...
CVE-2024-32472
excalidraw is an open source virtual hand-drawn style whiteboard. A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. There were two vectors. One rendering untrusted string as...
CVE-2024-32775
Server-Side Request Forgery SSRF vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9...
CVE-2024-1803
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block in all versions ...
CVE-2024-10185
The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-youtube-embed shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-10176
The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's scembedplayer shortcode in all versions up to, and including, 1.9.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-10184
The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-9897
The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-51904
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joan Boluda Embed documents shortcode embed-documents-shortcode allows Stored XSS.This issue affects Embed documents shortcode: from n/a through = 1.5...
CVE-2024-11774
The Outdooractive Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-37216
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Rami Yushuvaev Sketchfab Embed allows Stored XSS.This issue affects Sketchfab Embed: from n/a through 1.5...
CVE-2024-13700
The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...