26 matches found
CVE-2024-1803
Summary (CVE-2024-1803): The WordPress plugin EmbedPress (Embed PDF, Google Docs, Vimeo, Wistia, YouTube, etc.) up to version 3.9.12 is vulnerable to unauthorized access of PDF embed functionality due to insufficient authorization validation on the PDF embed block. Impact, per sources, is that a...
CVE-2024-1425
CVE-2024-1425: The WordPress plugin EmbedPress (Embed PDF, YouTube, Google Docs, Vimeo, Wistia, etc.) is affected by a stored XSS in the Google Calendar Widget Link for all versions up to 3.9.8. Root cause: insufficient input sanitization and output escaping on user-supplied attributes, enabling...
CVE-2024-1349
CVE-2024-1349 concerns the WordPress plugin EmbedPress (Embed PDF, YouTube, Google Docs, Vimeo, Wistia, etc.). Public records confirm a Stored Cross-Site Scripting vulnerability via the plugin’s shortcodes in versions up to 3.9.8 due to insufficient input sanitization and output escaping on user-...
CVE-2024-1802
EmbedPress for WordPress (the plugin: Embed PDF, Google Docs, Vimeo, Wistia, YouTube, etc.) is affected by a Stored Cross‑Site Scripting vulnerability in the Wistia embed block. The root cause is insufficient input sanitization and output escaping on the user-supplied URL, enabling authenticated ...
CVE-2024-2688
The CVE-2024-2688 entry concerns the WordPress plugin EmbedPress (all versions up to 3.9.12; 3.9.13 introduced a fix). Root cause: insufficient input sanitization and output escaping on EmbedPress widget attributes (embedpress_doc_custom_color). Impact: authenticated attackers with Contributor+ p...
CVE-2024-2128
CVE-2024-2128 affects the WordPress plugin EmbedPress (Embed PDF, Google Docs, Vimeo, Wistia, YouTube, etc.). The vulnerability is a Stored Cross‑Site Scripting flaw in the plugin’s embed widget due to insufficient input sanitization and output escaping on user-supplied attributes. This allows au...
CVE-2024-31284
CVE-2024-31284 describes a Missing Authorization vulnerability in the WPDeveloper EmbedPress WordPress plugin, affecting EmbedPress versions up to 3.9.8. The NVD entry lists a CRITICAL base score (CVSS 3.1: 9.8) with high impact to confidentiality, integrity, and availability, indicating severe r...
CVE-2024-11203
The CVE-2024-11203 entry concerns the WordPress EmbedPress plugin (versions up to and including 4.1.3). The root cause is insufficient input sanitization and output escaping in the provider_name parameter, enabling Stored Cross-Site Scripting. The attack requires authenticated access at Contribut...
CVE-2024-3245
CVE-2024-3245 affects the WordPress plugin EmbedPress (EmbedPDF/YouTube block). It is a Stored XSS vulnerability in the YouTube block across all versions up to 3.9.14 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or hig...
CVE-2024-43328
CVE-2024-43328 is a Path Traversal (PHP Local File Inclusion) vulnerability in the WordPress plugin EmbedPress. The issue allows LFI due to improper limitation of a pathname and affects EmbedPress versions up to 4.0.9. Connected sources indicate the vulnerability was publicly reported and l...
CVE-2024-2468
CVE-2024-2468 affects the WordPress plugin EmbedPress (versions ≤ 3.9.12). The vulnerability is a Stored Cross-Site Scripting flaw in the EmbedPress widget attribute embedpress_pro_twitch_theme caused by insufficient input sanitization and output escaping. This could allow authenticated attackers...
CVE-2023-6986
The CVE-2023-6986 vulnerability affects the WordPress plugin EmbedPress (Embed PDF, YouTube, Google Docs, Vimeo, Wistia, etc.). It enables Stored Cross‑Site Scripting via the embed_oembed_html shortcode in all versions before 3.9.5 due to insufficient input sanitization and output escaping of use...
CVE-2023-51375
CVE-2023-51375 affects the WordPress EmbedPress plugin up to version 3.8.3 and is described as a Missing Authorization / Broken Access Control vulnerability. The impact is stated variably: CVSS v3.1 base score 8.8 (NVD) and a separate 4.3 (PatchStack CNA), with exploitation details not provided i...
CVE-2024-38707
CVE-2024-38707 corresponds to a Missing Authorization vulnerability in WPDeveloper EmbedPress for WordPress. The issue arises from broken access control that could allow unauthorized access to restricted operations in EmbedPress versions up to 4.0.4. CVSS v3.1 data from the provided sources indic...
CVE-2024-3244
CVE-2024-3244: The EmbedPress WordPress plugin is vulnerable to Stored Cross-Site Scripting via the plugin’s embedpress_calendar shortcode in all versions up to and including 3.9.14, due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires aut...
CVE-2024-43936
CVE-2024-43936 affects the WordPress plugin EmbedPress (Embedded content) with a Stored XSS via input during web page generation due to improper neutralization. Affected: EmbedPress versions up to and including 4.0.8. Remediation: patch released (fixed in 4.0.8). Exploitation status is not detai...
CVE-2024-31274
CVE-2024-31274: WPDeveloper EmbedPress for WordPress is affected by a Missing Authorization (Broken Access Control) vulnerability in EmbedPress versions up to 3.9.11. Public sources (NVD, Red Hat) rate the CVSS v3.1 base score at 5.3 (Medium), with impact limited to integrity. Public exploitation...
CVE-2024-5571
CVE-2024-5571 affects the EmbedPress plugin for WordPress (EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, YouTube, etc.). It is a Stored XSS vulnerability in the EmbedPress PDF widget via the url attribute in versions up to 4.0.1, allowing authenticated attackers with contributor-level acces...
CVE-2024-1565
CVE-2024-1565 corresponds to a Stored Cross-Site Scripting via the PDF Widget URL in the WordPress plugin EmbedPress (versions up to and including 3.9.10). Exploitation requires authentication at contributor level or higher; an attacker can inject arbitrary scripts on pages viewed by user...
CVE-2024-50461
CVE-2024-50461: WPDeveloper EmbedPress
CVE-2023-3371
CVE-2023-3371 affects the EmbedPress WordPress plugin (
CVE-2023-5749
The CVE concerns the EmbedPress WordPress plugin before version 3.9.2, which does not sanitise or escape user input before rendering it on a page, causing a Reflected XSS. The issue could be exploited against high-privilege users such as admins. Affected software: EmbedPress WordPress plugin (ver...
CVE-2023-4282
CVE-2023-4282 affects the WordPress plugin EmbedPress (versions
CVE-2023-4283
CVE-2023-4283 pertains to the EmbedPress WordPress plugin. Affected: versions
CVE-2023-5750
The CVE-2023-5750 entry affects the WordPress plugin EmbedPress prior to version 3.9.2, where a parameter is not properly sanitized/escaped before being echoed on a page, enabling a Reflected XSS. Impact is described as affecting high-privilege users such as admins. Technical details across conne...
CVE-2024-4316
CVE-2024-4316 affects the EmbedPress plugin for WordPress. The vulnerability is Stored Cross-Site Scripting via the id parameter in EmbedPress