CVE-2024-43936

CVE-2024-43936 affects the WordPress plugin EmbedPress (Embedded content) with a Stored XSS via input during web page generation due to improper neutralization. Affected: EmbedPress versions up to and including 4.0.8 . Remediation: patch released (fixed in 4.0.8). Exploitation status is not detai...

CVE-2024-43328

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPDeveloper EmbedPress allows PHP Local File Inclusion.This issue affects EmbedPress: from n/a through 4.0.9...

CVE-2024-43328

CVE-2024-43328 is a Path Traversal (PHP Local File Inclusion) vulnerability in the WordPress plugin EmbedPress. The issue allows LFI due to improper limitation of a pathname and affects EmbedPress versions up to 4.0.9 (n/a). Connected sources indicate the vulnerability was publicly reported and l...

CVE-2024-43328 WordPress EmbedPress plugin <= 4.0.9 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPDeveloper EmbedPress allows PHP Local File Inclusion.This issue affects EmbedPress: from n/a through 4.0.9...

CVE-2024-43328 WordPress EmbedPress plugin <= 4.0.9 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPDeveloper EmbedPress allows PHP Local File Inclusion.This issue affects EmbedPress: from n/a through 4.0.9...

PT-2024-30495 · Wpdeveloper · Wpdeveloper Embedpress

Name of the Vulnerable Software and Affected Versions: WPDeveloper EmbedPress versions prior to 4.0.10 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal', which allows PHP Local File Inclusion. This can potentially...

CVE-2024-43129

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPDeveloper BetterDocs allows PHP Local File Inclusion.This issue affects BetterDocs: from n/a through 3.5.8...

CVE-2024-43129

CVE-2024-43129 affects the WordPress plugin BetterDocs (affected versions: n/a up to 3.5.8) and involves an authenticated Local File Inclusion via path traversal in BetterDocs. The root cause is improper limitation of a pathname to a restricted directory. The vulnerability is documented with a pa...

CVE-2024-43227

CVE-2024-43227 affects the WordPress plugin BetterDocs. Public details in connected docs indicate an Authenticated (Contributor+) Local File Inclusion in BetterDocs versions up to 3.5.8, with patch/status noted as patched in the Wordfence entry. Public exploitation specifics are not provided in t...

PT-2024-30391 · Wpdeveloper · Wpdeveloper Betterdocs

Name of the Vulnerable Software and Affected Versions: WPDeveloper BetterDocs versions 3.5.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: F...

CVE-2024-39649

CVE-2024-39649 is a stored XSS in WPDeveloper Essential Addons for Elementor (Lite) up to version 5.9.26. Affected component: Essential Addons for Elementor plugin. Root cause: improper neutralization of input during web page generation. Impact per sources: potential stored XSS in affected pages;...

CVE-2024-39649 WordPress Essential Addons for Elementor plugin <= 5.9.26 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite.This issue affects Essential Addons for Elementor: from n/a through = 5.9.26...

CVE-2023-51375

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.8.3...

CVE-2023-51375

CVE-2023-51375 affects the WordPress EmbedPress plugin up to version 3.8.3 and is described as a Missing Authorization / Broken Access Control vulnerability. The impact is stated variably: CVSS v3.1 base score 8.8 (NVD) and a separate 4.3 (PatchStack CNA), with exploitation details not provided i...

CVE-2024-5058

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPDeveloper Typing Text allows Stored XSS.This issue affects Typing Text: from n/a through 1.2.5...

WordPress Essential Addons for Elementor Plugin <= 5.9.23 is vulnerable to Cross Site Scripting (XSS)

Software Essential Addons for Elementor Type Plugin Vulnerable versions = 5.9.23 Fixed in 5.9.24 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5189 Patch priority Low CVSS severity Low 6.5 Developer WPDeveloper PSID ca68df009ac9 Credits wesley wcra...

CVE-2024-31284

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.8...

CVE-2024-31284

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.8...

CVE-2024-31284 WordPress EmbedPress plugin <= 3.9.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.8...

CVE-2024-31274

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.11...