EUVD-2026-32053

The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remvideo' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the...

PT-2026-43523

The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rem video' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the video...

CVE-2025-14119

The App Landing Template Blocks for WPBakery Visual Composer Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'atvcvideoplay' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied...

EUVD-2025-26901

Malicious code in bioql PyPI...

CVE-2025-58876

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ali Aghdam Aparat Video Shortcode aparat-shortcode allows Stored XSS.This issue affects Aparat Video Shortcode: from n/a through = 0.2.4...

CVE-2025-58876

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ali Aghdam Aparat Video Shortcode aparat-shortcode allows Stored XSS.This issue affects Aparat Video Shortcode: from n/a through = 0.2.4...

CVE-2025-58876 WordPress Aparat Video Shortcode Plugin <= 0.2.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ali Aghdam Aparat Video Shortcode aparat-shortcode allows Stored XSS.This issue affects Aparat Video Shortcode: from n/a through = 0.2.4...

CVE-2025-58876 WordPress Aparat Video Shortcode Plugin <= 0.2.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ali Aghdam Aparat Video Shortcode aparat-shortcode allows Stored XSS.This issue affects Aparat Video Shortcode: from n/a through = 0.2.4...

CVE-2025-58876

CVE-2025-58876 is a Stored XSS in the WordPress plugin “Aparat Video Shortcode”. Affected versions are up to 0.2.4 (reported as: Aparat Video Shortcode: from n/a through 0.2.4). The underlying issue is improper input neutralization during web page generation, enabling stored cross-site scripting....

WordPress Aparat Video Shortcode Plugin <= 0.2.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Mika in WordPress Plugin Aparat Video Shortcode versions = 0.2.4...

PT-2025-36215

Name of the Vulnerable Software and Affected Versions: Aparat Video Shortcode versions through 0.2.4 Description: The Ali Aghdam Aparat Video Shortcode software contains a Stored Cross-site Scripting XSS issue due to improper neutralization of input during web page generation. This allows for the...

WordPress plugin Aparat Video Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-10181

The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newslettersvideo shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-6629

The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress All-in-One Video Gallery plugin <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Video Shortcode vulnerability discovered by Webbernaut in WordPress Plugin All-in-One Video Gallery versions = 3.7.1...

WordPress plugin All-in-One Video Gallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...

PT-2024-37758 · WordPress · All-In-One Video Gallery

Name of the Vulnerable Software and Affected Versions: All-in-One Video Gallery plugin for WordPress versions up to, and including, 3.7.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Video shortcode, allowing...

CVE-2024-5205

The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videojsvideo shortcode in all versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...