CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/06/15 8:18 p.m.•19 views

CVE-2026-48872

CVE-2026-48872 relates to the WordPress WordPress EmbedPress plugin (versions

7.5CVSS5.2AI score0.00278EPSS

Cvelist•added 2026/06/15 8:18 p.m.•24 views

CVE-2026-48872 WordPress EmbedPress plugin <= 4.5.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...

7.5CVSS0.00278EPSS

EUVD•added 2026/06/15 8:18 p.m.•6 views

EUVD-2026-36850

Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...

7.5CVSS5.2AI score0.00278EPSS

Positive Technologies•added 2026/06/15 12:0 a.m.•9 views

PT-2026-49480

Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...

7.5CVSS5.2AI score0.00278EPSS

Exploits0References2

RedhatCVE•added 2026/06/07 8:59 a.m.•18 views

CVE-2026-7796

The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping...

NVD•added 2026/06/06 4:17 a.m.•11 views

CVE-2026-7796

6.4CVSS0.00234EPSS

EUVD•added 2026/06/06 2:28 a.m.•8 views

EUVD-2026-34951

Cvelist•added 2026/06/06 2:28 a.m.•35 views

CVE-2026-7796 EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block 'url' Attribute

6.4CVSS0.00234EPSS

CVE•added 2026/06/06 2:28 a.m.•19 views

CVE-2026-7796

Technical details (affected plugin version, root cause, exploit specifics) are not provided in the supplied documents; monitor for updates.

Vulnrichment•added 2026/06/06 2:28 a.m.•9 views

CVE-2026-7796 EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block 'url' Attribute

ATTACKERKB•added 2026/06/06 2:28 a.m.•11 views

CVE-2026-7796

Positive Technologies•added 2026/06/06 12:0 a.m.•14 views

Exploits0References12

PT-2026-47133

Name of the Vulnerable Software and Affected Versions EmbedPress versions prior to 4.5.4 Description The EmbedPress plugin for WordPress is subject to Stored Cross-Site Scripting XSS, a flaw where malicious scripts are permanently stored on the target server. The issue occurs due to insufficient...

CNNVD•added 2026/06/06 12:0 a.m.•5 views

Exploits0References14

WordPress plugin EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Some...

6.4CVSS5.3AI score0.00234EPSS

Exploits0References12

Patchstack•added 2026/06/05 2:17 p.m.•8 views

WordPress EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by UKO - Korea univ. in WordPress Plugin EmbedPress versions = 4.5.3...

6.4CVSS5.4AI score0.00234EPSS

Patchstack•added 2026/06/01 2:47 p.m.•7 views

WordPress EmbedPress plugin <= 4.5.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mukhlis Amien in WordPress Plugin EmbedPress versions = 4.5.2...

7.5CVSS5.8AI score0.00278EPSS

Exploits0Affected Software1

Patchstack•added 2026/02/02 8:30 p.m.•4 views

WordPress EmbedPress plugin <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via PDF Widget URL vulnerability discovered by RandomRoot in WordPress Plugin EmbedPress versions = 3.9.10...

6.4CVSS5.2AI score0.00344EPSS

Patchstack•added 2026/02/02 2:29 p.m.•7 views

WordPress EmbedPress plugin <= 3.9.12 - Authenticated (Contributor+) Stored Cross-site Scripting via 'embedpress_doc_custom_color' vulnerability

Authenticated Contributor+ Stored Cross-site Scripting via 'embedpressdoccustomcolor' vulnerability discovered by WordFence in WordPress Plugin EmbedPress versions = 3.9.12...

5.4CVSS5.3AI score0.00343EPSS

Patchstack•added 2026/02/02 12:54 p.m.•5 views

WordPress EmbedPress plugin <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Youtube Block vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin EmbedPress versions = 3.9.14...

6.4CVSS5.3AI score0.00323EPSS

RedhatCVE•added 2026/01/07 9:14 a.m.•7 views

CVE-2024-2128

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficien...

6.4CVSS5.8AI score0.00405EPSS