CVE-2023-4283
The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpresscalendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2023-5750
The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-51375
Missing Authorization vulnerability in WPDeveloper EmbedPress. This issue affects EmbedPress: from n/a through 3.8.3...
CVE-2023-6986
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embedoembedhtml shortcode in all versions up to 3.9.5 exclusive due to insufficient inpu...
CVE-2025-22696
Missing Authorization vulnerability in WPDeveloper Document Block – Upload & Embed Docs document. This issue affects Document Block – Upload & Embed Docs: from n/a through <= 1.1.0...
CVE-2025-22696 WordPress Document Block – Upload & Embed Docs, PDF, PPT, XLS or Any Documents plugin <= 1.1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in EmbedPress Document Block – Upload & Embed Docs. This issue affects Document Block – Upload & Embed Docs: from n/a through 1.1.0...
CVE-2025-22696
CVE-2025-22696: WordPress Document Block – Upload & Embed Docs plugin (Document Block – Upload & Embed Docs) contains a Missing Authorization vulnerability affecting versions 1.1.0 and earlier. The issue arises from insufficient authorization checks, enabling an unauthenticated actor to perform ...
PT-2025-4631 · Unknown · Embedpress Document Block – Upload & Embed Docs
Name of the Vulnerable Software and Affected Versions: Document Block – Upload & Embed Docs versions 1.1.0 and earlier
Description: The issue is related to a Missing Authorization vulnerability in the EmbedPress Document Block – Upload & Embed Docs. This vulnerability affects the ability to...
CVE-2024-11203
The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'provider_name' parameter in all versions up to, and including, 4.1.3 due t...
CVE-2024-11203 EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name'
The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'provider_name' parameter in all versions up to, and including, 4.1.3 due t...
CVE-2024-11203
The CVE-2024-11203 entry concerns the WordPress EmbedPress plugin (versions up to and including 4.1.3). The root cause is insufficient input sanitization and output escaping in the provider_name parameter, enabling Stored Cross-Site Scripting. The attack requires authenticated access at Contribut...
PT-2024-16821 · WordPress · Embedpress
Name of the Vulnerable Software and Affected Versions: EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress versions up to, and including, 4.1.3
Description: The issue is related to...
WordPress plugin EmbedPress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...
WordPress EmbedPress plugin <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name' vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name' vulnerability discovered by Max Boll b0lli in WordPress Plugin EmbedPress versions <= 4.1.3...
WordPress EmbedPress Plugin <= 4.1.3 is vulnerable to Cross Site Scripting (XSS)
Software: EmbedPress; Type: Plugin; Vulnerable versions: <= 4.1.3; Fixed in: 4.1.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11203; Patch priority: Low; CVSS severity: Low (6.5); PSID: 903c99a746e2; Credits: Max Boll b0lli; Required...
CVE-2024-38707
Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EmbedPress: from n/a through 4.0.4...