
289 matches found

Positive Technologies
added 2023/12/11 12:0 a.m. · 7 views

PT-2023-32303 · WordPress · Embedpress

Name of the Vulnerable Software and Affected Versions: EmbedPress WordPress plugin versions prior to 3.9.2
Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the EmbedPress WordPress plugin does not properly sanitise and escape user input before...

6.1 CVSS · 6 AI score · 0.0062 EPSS
Exploits 2 · References 7

WPVulnDB
added 2023/11/24 12:0 a.m. · 8 views

EmbedPress < 3.8.4 - Cross-Site Request Forgery

Description: The EmbedPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8.3. This is due to missing nonce validation on the clicked function. This makes it possible for unauthenticated attackers to trigger notice clicks via a forged request...

6.6 AI score
Exploits 0 · References 1 · Affected Software 1

WPVulnDB
added 2023/11/20 12:0 a.m. · 17 views

EmbedPress < 3.9.2 - Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC: On a post/page where containing the following output...

6.1 CVSS · 6.2 AI score · 0.00471 EPSS
Exploits 2 · Affected Software 1

WPVulnDB
added 2023/11/20 12:0 a.m. · 17 views

EmbedPress < 3.9.2 - Reflected XSS

Description: The plugin does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC: Make a logged in admin open a page containing the HTML code below...

6.1 CVSS · 5.9 AI score · 0.0062 EPSS
Exploits 2 · Affected Software 1

wpexploit
added 2023/11/20 12:0 a.m. · 148 views

EmbedPress < 3.9.2 - Reflected XSS

Description: The plugin does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open a page containing the HTML code below...

6.1 CVSS · 6 AI score · 0.0062 EPSS
Exploits 2

wpexploit
added 2023/11/20 12:0 a.m. · 171 views

EmbedPress < 3.9.2 - Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. On a post/page where containing the following output whic...

6.1 CVSS · 6.5 AI score · 0.00471 EPSS
Exploits 2

Patchstack
added 2023/11/17 12:0 a.m. · 2 views

WordPress EmbedPress Plugin <= 3.9.1 is vulnerable to Cross Site Scripting (XSS)

Software: EmbedPress
Type: Plugin
Vulnerable versions: <= 3.9.1
Fixed in: 3.9.2
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: N/A
Patch priority: Medium
CVSS severity: Medium (7.1)
PSID: 60378c6bfade
Credits: WordFence
Required privilege...

5.9 AI score
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/08/10 12:15 p.m. · 2 views

CVE-2023-4282

The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or...

4.3 CVSS · 5.8 AI score · 0.00419 EPSS
Exploits 0 · References 4

OSV
added 2023/08/10 12:15 p.m. · 2 views

CVE-2023-4283

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpresscalendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

5.4 CVSS · 7.4 AI score · 0.00423 EPSS
Exploits 0 · References 3

NVD
added 2023/08/10 12:15 p.m. · 18 views

CVE-2023-4282

The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or...

5.4 CVSS · 5.2 AI score · 0.00419 EPSS
Exploits 0 · References 4

NVD
added 2023/08/10 12:15 p.m. · 14 views

CVE-2023-4283

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpresscalendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4 CVSS · 5.7 AI score · 0.00423 EPSS
Exploits 0 · References 3

Prion
added 2023/08/10 12:15 p.m. · 18 views

Cross site scripting

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpresscalendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

4.9 CVSS · 5.2 AI score · 0.00423 EPSS
Exploits 0 · References 3 · Affected Software 1

Prion
added 2023/08/10 12:15 p.m. · 14 views

Design/Logic Flaw

The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or...

4 CVSS · 4.6 AI score · 0.00419 EPSS
Exploits 0 · References 4 · Affected Software 1

CVE
added 2023/08/10 11:5 a.m. · 38 views

CVE-2023-4283

CVE-2023-4283 pertains to the EmbedPress WordPress plugin. Affected: versions

6.4 CVSS · 5.2 AI score · 0.00423 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2023/08/10 11:5 a.m. · 27 views

CVE-2023-4283 EmbedPress <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpresscalendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4 CVSS · 5.8 AI score · 0.00423 EPSS
Exploits 0 · References 3

Vulnrichment
added 2023/08/10 11:5 a.m. · 7 views

CVE-2023-4283

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpresscalendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4 CVSS · 5.7 AI score · 0.00423 EPSS
Exploits 0 · References 3

Vulnrichment
added 2023/08/10 11:5 a.m. · 8 views

CVE-2023-4282 EmbedPress <= 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Delete via admin_post_remove and remove_private_data

The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or...

5.4 CVSS · 6.6 AI score · 0.00419 EPSS
Exploits 0 · References 4

CVE
added 2023/08/10 11:5 a.m. · 42 views

CVE-2023-4282

CVE-2023-4282 affects the WordPress plugin EmbedPress (versions

5.4 CVSS · 4.6 AI score · 0.00419 EPSS
Exploits 0 · References 4 · Affected Software 1

WPVulnDB
added 2023/08/10 12:0 a.m. · 16 views

EmbedPress < 3.8.3 - Contributor+ Stored Cross-Site Scripting via Shortcode

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back into the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admi...

6.4 CVSS · 5.7 AI score · 0.00423 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/08/10 12:0 a.m. · 6 views

PT-2023-28608 · WordPress · Embedpress

Name of the Vulnerable Software and Affected Versions: EmbedPress plugin for WordPress versions up to, and including, 3.8.2
Description: The issue is related to Stored Cross-Site Scripting via the 'embedpress calendar' shortcode due to insufficient input sanitization and output escaping on...

6.4 CVSS · 5.7 AI score · 0.00423 EPSS
Exploits 0 · References 7