The Magic Embeds plugin for WordPress has a security vulnerability that affects all versions up until 3.0.10. Attackers with user permissions at the level of ‘contributor’ or higher may be able to insert malicious web scripts in pages which will run every time the page is opened. This is caused by a lack of proper sanitization and output protection of user-supplied data.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
