WordPress iframe to embed plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin iframe to embed versions = 1.2...

WordPress Video Embed Optimizer plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Video Embed Optimizer versions = 1.0.0...

WordPress App Embed plugin <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin App Embed versions = 2.3.2...

CVE-2024-11749

The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appizy' shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVE-2024-11749 App Embed <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appizy' shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVE-2024-11749 App Embed <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appizy' shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVE-2024-11749

CVE-2024-11749 affects the App Embed WordPress plugin (appizy-app-embed) up to version 2.3.2. Root cause: insufficient input sanitization and output escaping on user-supplied attributes in the appizy shortcode, enabling stored XSS. Impact: authenticated users with contributor-level access can inj...

CVE-2024-12170 ViewMedica Embed <= 1.4.15 - Cross-Site Request Forgery to SQL Injection

The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries...

CVE-2024-12170

CVE-2024-12170 affects ViewMedica 9 WordPress plugin (versions up to 1.4.15). The vulnerability is a Cross-Site Request Forgery (CSRF) on the Viewmedica-Admin page that enables unauthenticated attackers to cause the system to accept forged requests. This can allow an admin-facing action to trigge...

WordPress plugin Video Embed Optimizer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin iframe to embed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

WordPress plugin App Embed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-4536 · Unknown · Sw-Galati.Ro

Name of the Vulnerable Software and Affected Versions: sw-galati.ro iframe to embed versions n/a through 1.2 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Stored XSS in the iframe to embed...

PT-2025-1686 · WordPress · App Embed

Name of the Vulnerable Software and Affected Versions: App Embed plugin for WordPress versions up to and including 2.3.2 Description: The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'appizy'...

WordPress ViewMedica Embed plugin <= 1.4.15 - Cross-Site Request Forgery to SQL Injection vulnerability

Cross-Site Request Forgery to SQL Injection vulnerability discovered by minhtuanact in WordPress Plugin ViewMedica 9 versions = 1.4.15...

CVE-2024-56256

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer.This issue affects Embed PDF Viewer: from n/a through = 2.3.1...

CVE-2024-56256

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andy Fragen Embed PDF Viewer allows Stored XSS.This issue affects Embed PDF Viewer: from n/a through 2.3.1...

CVE-2024-56256 WordPress Embed PDF Viewer plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer.This issue affects Embed PDF Viewer: from n/a through = 2.3.1...

CVE-2024-56256

CVE-2024-56256 corresponds to a stored Cross-Site Scripting (XSS) flaw in the WordPress Embed PDF Viewer plugin (

CVE-2024-56256 WordPress Embed PDF Viewer plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer.This issue affects Embed PDF Viewer: from n/a through = 2.3.1...