1602 matches found
CVE-2024-8804
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with...
CVE-2024-11749
The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appizy' shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2024-56256
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer. This issue affects Embed PDF Viewer: from n/a through <= 2.3.1...
CVE-2024-37221
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Michael Bester Kimili Flash Embed allows Stored XSS. This issue affects Kimili Flash Embed: from n/a through 2.5.3...
CVE-2024-10814
The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the cegetfile function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originati...
CVE-2024-11883
The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnxscriptcode' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-47811
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Suresh KUMAR Mukhiya Anywhere Flash Embed plugin <= 1.0.5 versions...
CVE-2023-23707
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue...
CVE-2023-51694
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Epiphyt Embed Privacy allows Stored XSS. This issue affects Embed Privacy: from n/a through 1.8.0...
CVE-2023-28439
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...
CVE-2022-4788
The Embed PDF WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2025-22769 · Unknown · Ajar In5 Embed
Name of the Vulnerable Software and Affected Versions: Ajar in5 Embed versions 3.1.5 and earlier. Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential...
WordPress plugin Ajar in5 Embed code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2022-1692
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the orderingby query parameter before using it in a SQL statement in pages where the codepeople-image-store is embedded, allowing unauthenticated users to perform an SQL injection attack...
CVE-2022-30929
Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper...
CVE-2021-36387
In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4"...
CVE-2021-24337
The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page available via forced browsing is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection...
CVE-2021-24540
The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...
CVE-2021-24395
The editid GET parameter of the Embed Youtube Video WordPress plugin through 1.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
CVE-2021-24464
The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin before 2.3.9 did not escape, validate or sanitise some of its shortcode options, available to users with a role as low as Contributor, leading to an authenticated Stored Cross-Site Scripting issue...