Lucene search

K

15 matches found

CVE
CVE
added 2024/02/29 1:43 a.m.65 views

CVE-2024-1425

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input s...

6.4CVSS6AI score0.00761EPSS
CVE
CVE
added 2024/02/29 1:43 a.m.61 views

CVE-2024-1349

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to insufficient input sanitiz...

6.4CVSS6AI score0.00561EPSS
CVE
CVE
added 2024/11/28 9:15 a.m.52 views

CVE-2024-11203

The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name parameter in all versions up to, and including, 4.1.3 due to...

6.4CVSS5.7AI score0.00083EPSS
CVE
CVE
added 2024/06/09 7:15 p.m.51 views

CVE-2024-31284

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.8.

9.8CVSS8AI score0.00205EPSS
CVE
CVE
added 2024/01/03 7:15 a.m.46 views

CVE-2023-6986

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient in...

6.4CVSS5.2AI score0.00092EPSS
CVE
CVE
added 2024/08/19 8:15 p.m.44 views

CVE-2024-43328

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper EmbedPress allows PHP Local File Inclusion.This issue affects EmbedPress: from n/a through 4.0.9.

9.8CVSS8.3AI score0.00491EPSS
CVE
CVE
added 2024/08/29 6:15 p.m.43 views

CVE-2024-43936

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper EmbedPress allows Stored XSS.This issue affects EmbedPress: from n/a through 4.0.8.

6.5CVSS6.2AI score0.0007EPSS
CVE
CVE
added 2024/11/01 3:15 p.m.42 views

CVE-2024-38707

Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4.

8.8CVSS6.3AI score0.00205EPSS
CVE
CVE
added 2024/06/21 2:15 p.m.41 views

CVE-2023-51375

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.8.3.

8.8CVSS5.7AI score0.0022EPSS
CVE
CVE
added 2024/06/09 12:15 p.m.41 views

CVE-2024-31274

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.11.

5.3CVSS5.3AI score0.00186EPSS
CVE
CVE
added 2024/06/05 9:15 a.m.39 views

CVE-2024-5571

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and in...

6.4CVSS5.5AI score0.00172EPSS
CVE
CVE
added 2024/06/13 9:15 a.m.38 views

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization ...

6.4CVSS5.5AI score0.00219EPSS
CVE
CVE
added 2024/10/28 6:15 p.m.38 views

CVE-2024-50461

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper EmbedPress allows Stored XSS.This issue affects EmbedPress: from n/a through 4.0.14.

6.5CVSS6.2AI score0.00064EPSS
CVE
CVE
added 2023/12/11 8:15 p.m.33 views

CVE-2023-5749

The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1CVSS6AI score0.0146EPSS
Web
CVE
CVE
added 2023/12/11 8:15 p.m.24 views

CVE-2023-5750

The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1CVSS6AI score0.00136EPSS
Web