CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50461 – WordPress EmbedPress plugin <= 4.0.14 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-50461
24 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper EmbedPress allows Stored XSS.This issue affects EmbedPress: from n/a through 4.0.14. The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts... • https://patchstack.com/database/vulnerability/embedpress/wordpress-embedpress-plugin-4-0-14-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43936 – WordPress EmbedPress plugin <= 4.0.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-43936
26 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper EmbedPress allows Stored XSS.This issue affects EmbedPress: from n/a through 4.0.8. The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts i... • https://patchstack.com/database/vulnerability/embedpress/wordpress-embedpress-plugin-4-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43328 – WordPress EmbedPress plugin <= 4.0.9 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43328
16 Aug 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper EmbedPress allows PHP Local File Inclusion.This issue affects EmbedPress: from n/a through 4.0.9. The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.9 via the 'page_type' parameter. This makes it possible... • https://patchstack.com/database/vulnerability/embedpress/wordpress-embedpress-plugin-4-0-9-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38707 – WordPress EmbedPress plugin <= 4.0.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-38707
11 Jul 2024 — Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4. The EmbedPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions like get_instagram_userdata_ajax, sync_instagram_data_ajax, and delete_instagram_account in versions up to, and including, 4.0.4. This makes it possible for authenticated attackers,... • https://patchstack.com/database/vulnerability/embedpress/wordpress-embedpress-plugin-4-0-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31274 – WordPress EmbedPress plugin <= 3.9.11 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31274
05 Apr 2024 — Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.11. Vulnerabilidad de autorización faltante en WPDeveloper EmbedPress. Este problema afecta a EmbedPress: desde n/a hasta 3.9.11. The EmbedPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_source_data and save_source_data functions in versions up to, and including, 3.9.11. This makes it possible for unauthenticated attackers to modify... • https://patchstack.com/database/vulnerability/embedpress/wordpress-embedpress-plugin-3-9-11-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •