Lucene search
K

70 matches found

Patchstack
Patchstack
added 2024/06/05 12:0 a.m.19 views

WordPress EmbedPress Plugin <= 4.0.1 is vulnerable to Cross Site Scripting (XSS)

Software EmbedPress Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.0.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5571 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 09e449af3af2 Credits wesley wcraft Required...

6.4CVSS5.8AI score0.00314EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/05/23 1:15 p.m.4 views

CVE-2024-1803

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block in all versions ...

4.3CVSS5.8AI score0.0028EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/23 12:0 a.m.4 views

PT-2024-18319 · WordPress · Embedpress

Name of the Vulnerable Software and Affected Versions: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress versions up to, and including, 3.9.12 Description: The issue is related to insufficient...

4.3CVSS6.6AI score0.0028EPSS
Exploits0References5
OSV
OSV
added 2024/05/14 3:43 p.m.6 views

CVE-2024-4316

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to insufficient input...

5.4CVSS5.9AI score0.0034EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.4 views

WordPress plugin EmbedPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.4CVSS6.3AI score0.0034EPSS
Exploits0References4
OSV
OSV
added 2024/04/09 7:15 p.m.5 views

CVE-2024-3244

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpresscalendar' shortcode in all versions up to, and including, 3.9.14...

5.4CVSS6AI score0.00509EPSS
Exploits0References3
NVD
NVD
added 2024/04/09 7:15 p.m.26 views

CVE-2024-3244

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpresscalendar' shortcode in all versions up to, and including, 3.9.14...

6.4CVSS5.7AI score0.00509EPSS
Exploits0References3
CVE
CVE
added 2024/04/09 6:58 p.m.55 views

CVE-2024-3244

CVE-2024-3244 : The EmbedPress WordPress plugin is vulnerable to Stored Cross-Site Scripting via the plugin’s embedpress_calendar shortcode in all versions up to and including 3.9.14, due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires aut...

6.4CVSS7.6AI score0.00509EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/04/06 12:0 a.m.7 views

WordPress Plugin EmbedPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.4CVSS8AI score0.00323EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/05 12:0 a.m.14 views

WordPress EmbedPress Plugin <= 3.9.8 is vulnerable to Broken Access Control

Software EmbedPress Type Plugin Vulnerable versions = 3.9.8 Fixed in 3.9.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31284 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0f53658201e5 Credits Majed Refaea Required...

9.8CVSS6.5AI score0.00397EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/03/23 3:15 a.m.3 views

CVE-2024-2688

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to...

5.4CVSS7.4AI score0.00343EPSS
Exploits0References2
NVD
NVD
added 2024/03/23 3:15 a.m.24 views

CVE-2024-2688

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to...

5.4CVSS5AI score0.00343EPSS
Exploits0References2
OSV
OSV
added 2024/03/23 3:15 a.m.3 views

CVE-2024-2468

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpressprotwitchtheme ' attribute in all versions up to, and...

5.4CVSS7.4AI score0.00343EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/22 12:0 a.m.5 views

PT-2024-20488 · WordPress · Embedpress

Name of the Vulnerable Software and Affected Versions: EmbedPress plugin for WordPress versions up to, and including, 3.9.12 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the EmbedPress...

6.4CVSS7.9AI score0.00343EPSS
Exploits0References6
OSV
OSV
added 2024/03/07 9:15 p.m.4 views

CVE-2024-1802

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to...

5.4CVSS7.4AI score0.0032EPSS
Exploits0References2
OSV
OSV
added 2024/03/07 8:15 p.m.2 views

CVE-2024-2128

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficien...

5.4CVSS7.4AI score0.00405EPSS
Exploits0References3
OSV
OSV
added 2024/02/29 1:43 a.m.3 views

CVE-2024-1425

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input...

5.4CVSS6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.3 views

PT-2024-18035 · WordPress · Embedpress

Name of the Vulnerable Software and Affected Versions: EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress versions up to, and including, 3.9.8 Description: The issue is related to Stored Cross-Site Scripti...

6.4CVSS8AI score0.00545EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2024/01/03 7:15 a.m.4 views

CVE-2023-6986

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embedoembedhtml shortcode in all versions up to 3.9.5 exclusive due to insufficient inpu...

6.4CVSS5.6AI score0.00427EPSS
Exploits0References4
NVD
NVD
added 2024/01/03 7:15 a.m.22 views

CVE-2023-6986

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embedoembedhtml shortcode in all versions up to 3.9.5 exclusive due to insufficient inpu...

6.4CVSS5.7AI score0.00427EPSS
Exploits0References3
Rows per page
Query Builder