Lucene search

15 matches found

CVE
added 2024/02/20 6:56 p.m. | 71 views

CVE-2024-1425

CVE-2024-1425 : The WordPress plugin EmbedPress (Embed PDF, YouTube, Google Docs, Vimeo, Wistia, etc.) is affected by a stored XSS in the Google Calendar Widget Link for all versions up to 3.9.8. Root cause: insufficient input sanitization and output escaping on user-supplied attributes, enabling...

CVSS 6.4 | AI score 6 | EPSS 0.00939

CVE
added 2024/02/20 6:56 p.m. | 67 views

CVE-2024-1349

CVE-2024-1349 concerns the WordPress plugin EmbedPress (Embed PDF, YouTube, Google Docs, Vimeo, Wistia, etc.). Public records confirm a Stored Cross-Site Scripting vulnerability via the plugin’s shortcodes in versions up to 3.9.8 due to insufficient input sanitization and output escaping on user-...

CVSS 6.4 | AI score 6 | EPSS 0.00693

CVE
added 2024/06/09 6:10 p.m. | 60 views

CVE-2024-31284

CVE-2024-31284 describes a Missing Authorization vulnerability in the WPDeveloper EmbedPress WordPress plugin, affecting EmbedPress versions up to 3.9.8. The NVD entry lists a CRITICAL base score (CVSS 3.1: 9.8) with high impact to confidentiality, integrity, and availability, indicating severe r...

CVSS 9.8 | AI score 8 | EPSS 0.00205

CVE
added 2024/11/28 8:47 a.m. | 59 views

CVE-2024-11203

The CVE-2024-11203 entry concerns the WordPress EmbedPress plugin (versions up to and including 4.1.3). The root cause is insufficient input sanitization and output escaping in the provider_name parameter, enabling Stored Cross-Site Scripting. The attack requires authenticated access at Contribut...

CVSS 6.4 | AI score 5.7 | EPSS 0.00126

CVE
added 2024/08/19 7:26 p.m. | 59 views

CVE-2024-43328

CVE-2024-43328 is a Path Traversal (PHP Local File Inclusion) vulnerability in the WordPress plugin EmbedPress. The issue allows LFI due to improper limitation of a pathname and affects EmbedPress versions up to 4.0.9 (n/a). Connected sources indicate the vulnerability was publicly reported and l...

CVSS 9.8 | AI score 8.3 | EPSS 0.01181

CVE
added 2024/01/03 6:41 a.m. | 57 views

CVE-2023-6986

The CVE-2023-6986 vulnerability affects the WordPress plugin EmbedPress (Embed PDF, YouTube, Google Docs, Vimeo, Wistia, etc.). It enables Stored Cross‑Site Scripting via the embed_oembed_html shortcode in all versions before 3.9.5 due to insufficient input sanitization and output escaping of use...

CVSS 6.4 | AI score 5.2 | EPSS 0.00154

CVE
added 2024/06/21 1:37 p.m. | 54 views

CVE-2023-51375

CVE-2023-51375 affects the WordPress EmbedPress plugin up to version 3.8.3 and is described as a Missing Authorization / Broken Access Control vulnerability. The impact is stated variably: CVSS v3.1 base score 8.8 (NVD) and a separate 4.3 (PatchStack CNA), with exploitation details not provided i...

CVSS 8.8 | AI score 5.7 | EPSS 0.0022

CVE
added 2024/08/29 6:7 p.m. | 53 views

CVE-2024-43936

CVE-2024-43936 affects the WordPress plugin EmbedPress (Embedded content) with a Stored XSS via input during web page generation due to improper neutralization. Affected: EmbedPress versions up to and including 4.0.8. Remediation: patch released (fixed in 4.0.8). Exploitation status is not detai...

CVSS 6.5 | AI score 6.2 | EPSS 0.00314

CVE
added 2024/06/09 11:18 a.m. | 51 views

CVE-2024-31274

CVE-2024-31274: WPDeveloper EmbedPress for WordPress is affected by a Missing Authorization (Broken Access Control) vulnerability in EmbedPress versions up to 3.9.11. Public sources (NVD, Red Hat) rate the CVSS v3.1 base score at 5.3 (Medium), with impact limited to integrity. Public exploitation...

CVSS 5.3 | AI score 5.3 | EPSS 0.00186

CVE
added 2024/11/01 2:18 p.m. | 51 views

CVE-2024-38707

CVE-2024-38707 corresponds to a Missing Authorization vulnerability in WPDeveloper EmbedPress for WordPress. The issue arises from broken access control that could allow unauthorized access to restricted operations in EmbedPress versions up to 4.0.4. CVSS v3.1 data from the provided sources indic...

CVSS 8.8 | AI score 6.3 | EPSS 0.00231

CVE
added 2024/10/28 5:48 p.m. | 49 views

CVE-2024-50461

CVE-2024-50461: WPDeveloper EmbedPress

CVSS 6.5 | AI score 5.9 | EPSS 0.00177

CVE
added 2024/06/13 8:31 a.m. | 48 views

CVE-2024-1565

CVE-2024-1565 corresponds to a Stored Cross-Site Scripting via the PDF Widget URL in the WordPress plugin EmbedPress (versions up to and including 3.9.10). Exploitation requires authentication at contributor level or higher; an attacker can inject arbitrary scripts on pages viewed by user...

CVSS 6.4 | AI score 5.5 | EPSS 0.00297

CVE
added 2024/06/05 8:33 a.m. | 48 views

CVE-2024-5571

CVE-2024-5571 affects the EmbedPress plugin for WordPress (EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, YouTube, etc.). It is a Stored XSS vulnerability in the EmbedPress PDF widget via the url attribute in versions up to 4.0.1, allowing authenticated attackers with contributor-level acces...

CVSS 6.4 | AI score 5.5 | EPSS 0.00233

CVE
added 2023/12/11 7:22 p.m. | 45 views

CVE-2023-5749

The CVE concerns the EmbedPress WordPress plugin before version 3.9.2, which does not sanitise or escape user input before rendering it on a page, causing a Reflected XSS. The issue could be exploited against high-privilege users such as admins. Affected software: EmbedPress WordPress plugin (ver...

CVSS 6.1 | AI score 6 | EPSS 0.0146
Web

CVE
added 2023/12/11 7:22 p.m. | 37 views

CVE-2023-5750

The CVE-2023-5750 entry affects the WordPress plugin EmbedPress prior to version 3.9.2, where a parameter is not properly sanitized/escaped before being echoed on a page, enabling a Reflected XSS. Impact is described as affecting high-privilege users such as admins. Technical details across conne...

CVSS 6.1 | AI score 6 | EPSS 0.00136
Web