1606 matches found
CVE-2024-11883
CVE-2024-11883 affects the Connatix Video Embed WordPress plugin. The vulnerability is a Stored XSS via the plugin shortcode cnx_script_code in versions up to and including 1.0.5, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires at l...
CVE-2024-11883 Connatix Video Embed <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnx_script_code' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Connatix Video Embed cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Connatix Video Embed plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Connatix Video Embed versions <= 1.0.5...
CVE-2024-12463
The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arena_embed_amp' shortcode in all versions up to, and including, 0.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-11901 PowerBI Embed Reports <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The PowerBI Embed Reports plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MOAPIPOWERBI' shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2024-17605 · WordPress · Arena.Im – Live Blogging For Real-Time Events
Name of the Vulnerable Software and Affected Versions: Arena.IM – Live Blogging for real-time events plugin for WordPress versions up to, and including, 0.3.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's arena_embed_amp shortcode due to insufficient input...
WordPress plugin PowerBI Embed Reports cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Arena.IM – Live Blogging for real-time events plugin <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via arena_embed_amp Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Arena.IM – Live Blogging for real-time events versions <= 0.4.1...
WordPress plugin StreamWeasels YouTube Integration cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
Flowise OverrideConfig security vulnerability
Impact: Flowise allows developers to inject configuration into the Chainflow during execution through the overrideConfig option. This is supported in both the frontend web integration and the backend Prediction API. This has a range of fundamental issues that are a major security vulnerability...
CVE-2024-51904
CVE-2024-51904 is a Stored XSS in the WordPress plugin Embed documents shortcode (Joan Boluda) affecting versions 1.5 and earlier. Root cause: improper input neutralization during page generation. Impact: Stored cross-site scripting via the shortcode. Remediation: upgrade to version 1.5 or later ...
WordPress plugin Embed documents shortcode cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
PT-2024-35036 · Joan Boluda · Embed Documents Shortcode
Name of the Vulnerable Software and Affected Versions: Joan Boluda Embed documents shortcode versions 1.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. The Embed...
firefox: thunderbird: Permission leak via embed or object elements
The Mozilla Foundation's Security Advisory: A permission leak could occur from a trusted site to an untrusted site via embed or object elements...
CVE-2024-51606
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Blrt Blrt WP Embed allows SQL Injection. This issue affects Blrt WP Embed: from n/a through 1.6.9...
CVE-2024-51606
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Blrt Blrt WP Embed blrt-wp-embed allows SQL Injection. This issue affects Blrt WP Embed: from n/a through <= 1.6.9...
CVE-2024-51606
The CVE-2024-51606 vulnerability affects the WordPress plugin Blrt WP Embed, version