EUVD-2023-12432

Malicious code in bioql PyPI...

CVE-2024-3984

The EmbedSocial – Social Media Feeds, Reviews and Galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedsocialreviews' shortcode in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on user supplied...

CVE-2023-0371

The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-3984

The EmbedSocial – Social Media Feeds, Reviews and Galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedsocialreviews' shortcode in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-3984

The CVE CVE-2024-3984 affects the EmbedSocial – Social Media Feeds, Reviews and Galleries WordPress plugin (up to version 1.1.29). The issue is Stored XSS via the plugin shortcode embedsocial_reviews due to insufficient input sanitization and output escaping on user-supplied attributes. Impact is...

WordPress plugin EmbedSocial security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress EmbedSocial plugin <= 1.1.29 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Krzysztof Zając in WordPress Plugin EmbedSocial versions = 1.1.29...

WordPress EmbedSocial Plugin <= 1.1.29 is vulnerable to Cross Site Scripting (XSS)

Software EmbedSocial Type Plugin Vulnerable versions = 1.1.29 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3984 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9b4cd9d91bb7 Credits Krzysztof Zając Required...

CVE-2023-0371

The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

Cross site scripting

The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0371 EmbedSocial < 1.1.28 - Contributor+ Stored XSS

The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0371

CVE-2023-0371 affects the EmbedSocial WordPress plugin prior to version 1.1.28. The vulnerability stems from inadequate validation and escaping of shortcode attributes before output, enabling Stored XSS for users with the contributor role and above. Impact is stored cross-site scripting on pages/...

WordPress plugin EmbedSocial 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress EmbedSocial Plugin < 1.1.28 is vulnerable to Cross Site Scripting (XSS)

Software EmbedSocial Type Plugin Vulnerable versions 1.1.28 Fixed in 1.1.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0371 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 80b948605bdb Credits István Márton Required...

EmbedSocial < 1.1.28 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC embedsocialstories id="'...

EmbedSocial < 1.1.28 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks embedsocialstories id="' onmouseover='alert1...

embedsocial.com Cross Site Scripting vulnerability OBB-1412481

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...