Lucene search
K

70 matches found

OSV
OSV
added 2023/12/11 8:15 p.m.7 views

CVE-2023-5749

The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.8AI score0.0062EPSS
Exploits2References1
OSV
OSV
added 2023/12/11 8:15 p.m.4 views

CVE-2023-5750

The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.8AI score0.00471EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/12/11 12:0 a.m.7 views

WordPress Plugin EmbedPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.1CVSS5.8AI score0.00471EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.11 views

PT-2023-32303 · WordPress · Embedpress

Name of the Vulnerable Software and Affected Versions: EmbedPress WordPress plugin versions prior to 3.9.2 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the EmbedPress WordPress plugin does not properly sanitise and escape user input before...

6.1CVSS6AI score0.0062EPSS
Exploits2References7
NVD
NVD
added 2023/08/10 12:15 p.m.18 views

CVE-2023-4282

The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'adminpostremove' and 'removeprivatedata' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or...

5.4CVSS5.2AI score0.00419EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/08/10 11:5 a.m.8 views

CVE-2023-4283

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpresscalendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS5.7AI score0.00423EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/08/10 11:5 a.m.8 views

CVE-2023-4282 EmbedPress <= 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Delete via admin_post_remove and remove_private_data

The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'adminpostremove' and 'removeprivatedata' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or...

5.4CVSS6.6AI score0.00419EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/08/10 12:0 a.m.12 views

WordPress EmbedPress Plugin <= 3.8.2 is vulnerable to Cross Site Scripting (XSS)

Software EmbedPress Type Plugin Vulnerable versions = 3.8.2 Fixed in 3.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4283 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a24f75e878c8 Credits Lana Codes Required privilege...

6.4CVSS5.8AI score0.00423EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/08/10 12:0 a.m.28 views

WordPress EmbedPress Plugin <= 3.8.2 is vulnerable to Broken Access Control

Software EmbedPress Type Plugin Vulnerable versions = 3.8.2 Fixed in 3.8.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4282 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9300647917bb Credits Lana Codes Required privilege...

5.4CVSS6.6AI score0.00419EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/31 12:0 a.m.4 views

PT-2022-24051 · WordPress · Embedpress Plugin

Name of the Vulnerable Software and Affected Versions: EmbedPress Plugin affected versions not specified Description: A vulnerability has been found in the EmbedPress Plugin, affecting an unknown functionality of the file post.php of the component Shortcode Handler. This issue leads to cross-site...

5.7AI score
Exploits0References3
Rows per page
Query Builder