16 matches found
EUVD-2024-17527
Malicious code in bioql PyPI...
Malicious code in wistia_namespace.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 37411af0efaa1331025c7ba0aaa00b729cc7b5eb9425392726c6f2c7de602179 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor < 3.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpresscalendar' shortcode in all versions up to, and...
CVE-2024-2688
The CVE-2024-2688 entry concerns the WordPress plugin EmbedPress (all versions up to 3.9.12; 3.9.13 introduced a fix). Root cause: insufficient input sanitization and output escaping on EmbedPress widget attributes (embedpress_doc_custom_color). Impact: authenticated attackers with Contributor+ p...
CVE-2024-1802
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to...
CVE-2024-1802
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to...
Cross site scripting
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to...
CVE-2024-1802 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wistia Block
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to...
CVE-2024-1802
EmbedPress for WordPress (the plugin: Embed PDF, Google Docs, Vimeo, Wistia, YouTube, etc.) is affected by a Stored Cross‑Site Scripting vulnerability in the Wistia embed block. The root cause is insufficient input sanitization and output escaping on the user-supplied URL, enabling authenticated ...
CVE-2024-1802 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wistia Block
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to...
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor < 3.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wistia Block
Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10...
PT-2024-18318 · WordPress · Embedpress
Name of the Vulnerable Software and Affected Versions: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress versions up to, and including, 3.9.10 Description: The issue is related to Stored...
MAL-2022-6918 Malicious code in videojs-wistia (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 689d1a34d7095f6a582f40f279911a00c45a371e67dae5812680e2d47c76af06 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in videojs-wistia (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 689d1a34d7095f6a582f40f279911a00c45a371e67dae5812680e2d47c76af06 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
HackerOne: Reflected XSS on www.hackerone.com via Wistia embed code
Summary: The HackerOne marketing site uses Wistia to host and embed videos using HTML snippets similar to the following: html The issue is that the E-v1.js script is vulnerable to prototype pollution when setting up the logging, via both the URL and the document referrer: javascript...
Trello: DOM based XSS via Wistia embedding
Hi, You are using Wistia to embed video at trello.com. However, the external script from fast.wistia.com is vulnerable to XSS and allows running malicious JavaScript on your side. Vulnerable code: fast.wistia.net/assets/external/E-v1.js I found that the parameter wchannel can be controlled to load JS from...