Lucene search
K

70 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:23 a.m.4 views

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitizatio...

6.4CVSS4.9AI score0.00344EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:21 a.m.3 views

CVE-2024-1425

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input...

6.4CVSS5.1AI score0.00545EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:7 a.m.16 views

CVE-2024-2688

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to...

5.4CVSS5.8AI score0.00343EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:57 a.m.4 views

CVE-2023-4282

The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'adminpostremove' and 'removeprivatedata' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or...

5.4CVSS5.9AI score0.00419EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:32 a.m.9 views

CVE-2023-5750

The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.1AI score0.00471EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 2:4 a.m.11 views

CVE-2023-6986

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embedoembedhtml shortcode in all versions up to 3.9.5 exclusive due to insufficient inpu...

6.4CVSS5.8AI score0.00427EPSS
Exploits0References1
NVD
NVD
added 2024/11/28 9:15 a.m.22 views

CVE-2024-11203

The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘providername parameter in all versions up to, and including, 4.1.3 due t...

6.4CVSS0.00363EPSS
Exploits0References4
CVE
CVE
added 2024/11/28 8:47 a.m.68 views

CVE-2024-11203

The CVE-2024-11203 entry concerns the WordPress EmbedPress plugin (versions up to and including 4.1.3). The root cause is insufficient input sanitization and output escaping in the provider_name parameter, enabling Stored Cross-Site Scripting. The attack requires authenticated access at Contribut...

6.4CVSS5.7AI score0.00363EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/28 12:0 a.m.4 views

PT-2024-16821 · WordPress · Embedpress

Name of the Vulnerable Software and Affected Versions: EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress versions up to, and including, 4.1.3 Description: The issue is related to...

6.4CVSS6.1AI score0.00363EPSS
Exploits0References8
OSV
OSV
added 2024/08/29 6:15 p.m.2 views

CVE-2024-43936

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPDeveloper EmbedPress allows Stored XSS.This issue affects EmbedPress: from n/a through 4.0.8...

5.4CVSS5.8AI score0.00279EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/08/26 9:39 a.m.5 views

WordPress EmbedPress plugin <= 4.0.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin EmbedPress versions = 4.0.8...

6.5CVSS6.1AI score0.00279EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/16 12:52 p.m.5 views

WordPress EmbedPress plugin <= 4.0.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin EmbedPress versions = 4.0.9...

9.8CVSS7AI score0.0047EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/07/11 10:29 a.m.6 views

WordPress EmbedPress plugin <= 4.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin EmbedPress versions = 4.0.4...

8.8CVSS7AI score0.00408EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/27 2:3 p.m.4 views

WordPress Embedpress plugin <= 4.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin EmbedPress versions = 4.0.2...

8.8CVSS8AI score0.72648EPSS
Exploits15Affected Software1
NVD
NVD
added 2024/06/21 2:15 p.m.21 views

CVE-2023-51375

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.8.3...

8.8CVSS0.00323EPSS
Exploits0References1
OSV
OSV
added 2024/06/13 9:15 a.m.3 views

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitizatio...

5.4CVSS5.9AI score0.00344EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/13 8:31 a.m.20 views

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitizatio...

6.4CVSS5.8AI score0.00344EPSS
Exploits0References3
OSV
OSV
added 2024/06/05 9:15 a.m.3 views

CVE-2024-5571

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and...

5.4CVSS6AI score0.00314EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2024/06/05 9:15 a.m.3 views

CVE-2024-5571

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and...

6.4CVSS6.1AI score0.00314EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/06/05 3:9 a.m.4 views

WordPress EmbedPress plugin <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via EmbedPress PDF Widget vulnerability discovered by wesley wcraft in WordPress Plugin EmbedPress versions = 4.0.1...

6.4CVSS5.8AI score0.00314EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder