1602 matches found
CVE-2021-24541
The Wonder PDF Embed WordPress plugin before 1.7 does not escape parameters of its wonderpluginpdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...
CVE-2021-24471
The YouTube Embed WordPress plugin before 5.2.2 does not validate, escape or sanitise some of its shortcode attributes, leading to Stored XSS issues by 1. using w, h, controls, cclang, color, language, start, stop, or style parameter of youtube shortcode, 2. by using style, class, rel, target,...
CVE-2020-18280
Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function...
CVE-2020-7642
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...
CVE-2017-18561
The embed-comment-images plugin before 0.6 for WordPress has XSS...
CVE-1999-0685
Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option...
CVE-2025-48346
Missing Authorization vulnerability in Embed360 Embed and Integrate Etsy Shop embed-and-integrate-etsy-shop allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embed and Integrate Etsy Shop: from n/a through <= 1.0.9...
CVE-2025-48346
Missing Authorization vulnerability in Embed360 Embed and Integrate Etsy Shop embed-and-integrate-etsy-shop allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embed and Integrate Etsy Shop: from n/a through <= 1.0.8...
CVE-2025-1627
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2025-21995 · Unknown · Etsy360 Embed/Integrate Etsy Shop
Name of the Vulnerable Software and Affected Versions: Etsy360 Embed and Integrate Etsy Shop versions 1.0.0 through 1.0.4 Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For version...
WordPress Ajar in5 Embed plugin <= 3.1.5 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by LVT-tholv2k in WordPress Plugin Ajar in5 Embed versions <= 3.1.5...
CVE-2025-47551
Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed wiki-embed allows Cross Site Request Forgery. This issue affects Wiki Embed: from n/a through <= 1.4.6...
CVE-2025-47551 WordPress Wiki Embed plugin <= 1.4.6 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed allows Cross Site Request Forgery. This issue affects Wiki Embed: from n/a through 1.4.6...
CVE-2025-47551
CVE-2025-47551 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Wiki Embed plugin, affecting versions up to 1.4.6. The root cause is CSRF vulnerability leading to unauthorized settings changes. The CVSS v3.1 score is 4.3 (Medium). A fix is available in newer plugin ver...
CVE-2025-47551 WordPress Wiki Embed plugin <= 1.4.6 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed wiki-embed allows Cross Site Request Forgery. This issue affects Wiki Embed: from n/a through <= 1.4.6...
WordPress plugin Wiki Embed cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2025-20164 · Unknown · Ctltwp Wiki Embed
Name of the Vulnerable Software and Affected Versions: ctltwp Wiki Embed versions 1.4.6 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. Recommendations: For versions 1.4.6 and...
CVE-2025-46501
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biancardi Mixcloud Embed mixcloud-embed allows Stored XSS. This issue affects Mixcloud Embed: from n/a through <= 2.2.0...
WordPress Mixcloud Embed plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by johska in WordPress Plugin Mixcloud Embed versions <= 2.2.0...