PT-2023-28608 · WordPress · Embedpress

Name of the Vulnerable Software and Affected Versions: EmbedPress plugin for WordPress versions up to, and including, 3.8.2 Description: The issue is related to Stored Cross-Site Scripting via the 'embedpress calendar' shortcode due to insufficient input sanitization and output escaping on...

WordPress Plugin EmbedPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Plugin EmbedPress Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress EmbedPress Plugin <= 3.8.2 is vulnerable to Broken Access Control

Software EmbedPress Type Plugin Vulnerable versions = 3.8.2 Fixed in 3.8.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4282 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9300647917bb Credits Lana Codes Required privilege...

WordPress EmbedPress Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Software EmbedPress Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 92c19787339e Credits Rafie Muhammad Patchstack Required...

WordPress plugin EmbedPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress EmbedPress Plugin <= 3.7.3 is vulnerable to Sensitive Data Exposure

Software EmbedPress Type Plugin Vulnerable versions = 3.7.3 Fixed in 3.8.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-3371 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f1c35d9cb0cf Credits István Márton Required privileg...

EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor < 3.8.0 - Sensitive Data Disclosure

The plugin could expose backup files if the web server had Directory Listing enabled...

PT-2022-24051 · WordPress · Embedpress Plugin

Name of the Vulnerable Software and Affected Versions: EmbedPress Plugin affected versions not specified Description: A vulnerability has been found in the EmbedPress Plugin, affecting an unknown functionality of the file post.php of the component Shortcode Handler. This issue leads to cross-site...