WordPress Embed Any Document plugin <= 2.7.5 - Authenticated (Contributor+) Blind Server-Side Request Forgery via embeddoc Shortcode vulnerability

Authenticated Contributor+ Blind Server-Side Request Forgery via embeddoc Shortcode vulnerability discovered by theviper17y in WordPress Plugin Embed Any Document versions = 2.7.5...

CVE-2024-13743 Wonder Video Embed <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Wonder Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wonderpluginvideo shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-13743 Wonder Video Embed <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Wonder Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wonderpluginvideo shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress Wonder Video Embed plugin <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Wonder Video Embed versions = 2.2...

WordPress plugin Wonder Video Embed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-23523

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hoststreamsell HSS Embed Streaming Video hss-embed-streaming-video allows Reflected XSS.This issue affects HSS Embed Streaming Video: from n/a through = 3.23...

CVE-2025-26539

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in petkivim Embed Google Map embed-google-map allows Stored XSS.This issue affects Embed Google Map: from n/a through = 3.2...

CVE-2025-23523

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hoststreamsell HSS Embed Streaming Video hss-embed-streaming-video allows Reflected XSS.This issue affects HSS Embed Streaming Video: from n/a through = 3.23...

CVE-2025-23523

CVE-2025-23523 affects the WordPress plugin HSS Embed Streaming Video (hoststreamsell) up to version 3.23, enabling a Reflected XSS vulnerability during web page generation. The connected sources confirm the issue as Reflected XSS without detailing exploit steps. Remediation guidance present in t...

CVE-2025-23523 WordPress HSS Embed Streaming Video plugin <= 3.23 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hoststreamsell HSS Embed Streaming Video hss-embed-streaming-video allows Reflected XSS.This issue affects HSS Embed Streaming Video: from n/a through = 3.23...

CVE-2025-26539

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in petkivim Embed Google Map embed-google-map allows Stored XSS.This issue affects Embed Google Map: from n/a through = 3.2...

CVE-2025-26539 WordPress Embed Google Map plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in petkivim Embed Google Map embed-google-map allows Stored XSS.This issue affects Embed Google Map: from n/a through = 3.2...

CVE-2025-26539

CVE-2025-26539 concerns the WordPress plugin “Embed Google Map” (petkivim) with a Stored Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. Affected version(s) are reported as

CVE-2025-26539 WordPress Embed Google Map plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in petkivim Embed Google Map allows Stored XSS. This issue affects Embed Google Map: from n/a through 3.2...

WordPress Embed Google Map plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Embed Google Map versions = 3.2...

PT-2025-7180

Name of the Vulnerable Software and Affected Versions: petkivim Embed Google Map versions n/a through 3.2 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Stored XSS in petkivim Embed Google Map...

Astra Linux – Vulnerability in Firefox, Thunderbird

A permission leak could have occurred from a trusted site to an untrusted site through embed or object elements. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...

CVE-2025-25078

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andrew Norcross Google Earth Embed google-earth-tours allows Stored XSS.This issue affects Google Earth Embed: from n/a through = 1.0...

CVE-2025-25081

Missing Authorization vulnerability in DeannaS Embed RSS embed-rss allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Embed RSS: from n/a through = 3.1...

CVE-2025-22696

Missing Authorization vulnerability in WPDeveloper Document Block – Upload & Embed Docs document.This issue affects Document Block – Upload & Embed Docs: from n/a through = 1.1.0...