Embedpress

Source repositories

https://plugins.svn.wordpress.org/embedpress

CVEs (16)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-1565	Wpdeveloper Embedpress	Med	0.42	6.4	0.00	Jun 13, 2024	The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to…
CVE-2024-2468	Wpdeveloper Embedpress	Med	0.42	6.4	0.00	Mar 23, 2024	The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpress_pro_twitch_theme ' attribute in all…
CVE-2024-1802	Wpdeveloper Embedpress	Med	0.42	6.4	0.00	Mar 7, 2024	The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including,…
CVE-2024-2128	Wpdeveloper Embedpress	Med	0.42	6.4	0.00	Mar 7, 2024	The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including,…
CVE-2024-1425	Wpdeveloper Embedpress	Med	0.42	6.4	0.01	Feb 29, 2024	The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due…
CVE-2024-1349	Wpdeveloper Embedpress	Med	0.42	6.4	0.01	Feb 29, 2024	The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to…
CVE-2023-6986	Wpdeveloper Embedpress	Med	0.42	6.4	0.00	Jan 3, 2024	The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive)…
CVE-2024-5571	Wpdeveloper Embedpress	Med	0.35	6.4	0.00	Jun 5, 2024	The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all…
CVE-2024-3244	Wpdeveloper Embedpress	Med	0.35	6.4	0.00	Apr 9, 2024	The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_calendar' shortcode in all versions up to,…
CVE-2024-3245	Wpdeveloper Embedpress	Med	0.35	6.4	0.00	Apr 6, 2024	The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including,…
CVE-2024-2688	Wpdeveloper Embedpress	Med	0.35	5.4	0.00	Mar 23, 2024	The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including,…
CVE-2023-4283	Wpdeveloper Embedpress	Med	0.35	6.4	0.00	Aug 10, 2023	The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…
CVE-2023-4282	Wpdeveloper Embedpress	Med	0.28	5.4	0.00	Aug 10, 2023	The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with…
CVE-2023-3371	Wpdeveloper Embedpress	Med	0.28	5.3	0.01	Jun 27, 2023	The EmbedPress plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated…
CVE-2024-1803	Wpdeveloper Embedpress	Med	0.21	4.3	0.00	May 23, 2024	The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed…
CVE-2024-11203	Wpdeveloper Embedpress		0.00	—	0.00	Nov 28, 2024	The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name parameter in all versions up to, and…

CVE-2024-1565MedJun 13, 2024
Wpdeveloper
Embedpress
risk 0.42cvss 6.4epss 0.00
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to…
CVE-2024-2468MedMar 23, 2024
Wpdeveloper
Embedpress
risk 0.42cvss 6.4epss 0.00
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpress_pro_twitch_theme ' attribute in all…
CVE-2024-1802MedMar 7, 2024
Wpdeveloper
Embedpress
risk 0.42cvss 6.4epss 0.00
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including,…
CVE-2024-2128MedMar 7, 2024
Wpdeveloper
Embedpress
risk 0.42cvss 6.4epss 0.00
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including,…
CVE-2024-1425MedFeb 29, 2024
Wpdeveloper
Embedpress
risk 0.42cvss 6.4epss 0.01
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due…
CVE-2024-1349MedFeb 29, 2024
Wpdeveloper
Embedpress
risk 0.42cvss 6.4epss 0.01
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to…
CVE-2023-6986MedJan 3, 2024
Wpdeveloper
Embedpress
risk 0.42cvss 6.4epss 0.00
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive)…
CVE-2024-5571MedJun 5, 2024
Wpdeveloper
Embedpress
risk 0.35cvss 6.4epss 0.00
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all…
CVE-2024-3244MedApr 9, 2024
Wpdeveloper
Embedpress
risk 0.35cvss 6.4epss 0.00
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_calendar' shortcode in all versions up to,…
CVE-2024-3245MedApr 6, 2024
Wpdeveloper
Embedpress
risk 0.35cvss 6.4epss 0.00
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including,…
CVE-2024-2688MedMar 23, 2024
Wpdeveloper
Embedpress
risk 0.35cvss 5.4epss 0.00
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including,…
CVE-2023-4283MedAug 10, 2023
Wpdeveloper
Embedpress
risk 0.35cvss 6.4epss 0.00
The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…
CVE-2023-4282MedAug 10, 2023
Wpdeveloper
Embedpress
risk 0.28cvss 5.4epss 0.00
The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with…
CVE-2023-3371MedJun 27, 2023
Wpdeveloper
Embedpress
risk 0.28cvss 5.3epss 0.01
The EmbedPress plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated…
CVE-2024-1803MedMay 23, 2024
Wpdeveloper
Embedpress
risk 0.21cvss 4.3epss 0.00
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed…
CVE-2024-11203Nov 28, 2024
Wpdeveloper
Embedpress
risk 0.00cvss —epss 0.00
The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name parameter in all versions up to, and…