VYPR

Embed Swagger

by WordPress

CVEs (2)

  • CVE-2024-13700MedJan 30, 2025
    risk 0.42cvss 6.4epss 0.00

    The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…

  • CVE-2022-0381MedFeb 4, 2022
    risk 0.40cvss 6.1epss 0.04

    The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in…