Show filters
346 Total Results
Displaying 111-120 of 346
Sort by:
Attacker Value
Unknown

CVE-2024-1803

Disclosure Date: May 23, 2024 (last updated January 12, 2025)
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block in all versions up to, and including, 3.9.12. This makes it possible for authenticated attackers, with contributor-level access and above, to embed PDF blocks.
0
Attacker Value
Unknown

CVE-2024-22429

Disclosure Date: May 17, 2024 (last updated January 31, 2025)
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.
Attacker Value
Unknown

CVE-2024-4316

Disclosure Date: May 14, 2024 (last updated January 12, 2025)
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attacker Value
Unknown

CVE-2024-34561

Disclosure Date: May 08, 2024 (last updated May 09, 2024)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Stored XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.71.
0
Attacker Value
Unknown

CVE-2024-33925

Disclosure Date: May 03, 2024 (last updated May 03, 2024)
Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts.This issue affects Embed Google Fonts: from n/a through 3.1.0.
0
Attacker Value
Unknown

CVE-2024-2542

Disclosure Date: May 02, 2024 (last updated January 05, 2025)
The Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32527 is likely a duplicate of this issue.
0
Attacker Value
Unknown

CVE-2024-0216

Disclosure Date: April 30, 2024 (last updated January 05, 2025)
The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
0
Attacker Value
Unknown

CVE-2024-32775

Disclosure Date: April 24, 2024 (last updated April 24, 2024)
Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9.
0
Attacker Value
Unknown

CVE-2024-32694

Disclosure Date: April 22, 2024 (last updated April 22, 2024)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Reflected XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.62.
0
Attacker Value
Unknown

CVE-2024-32561

Disclosure Date: April 18, 2024 (last updated April 18, 2024)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tagembed allows Stored XSS.This issue affects Tagembed: from n/a through 4.7.
0