cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11203,https://securityvulnerability.io/vulnerability/CVE-2024-11203,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin,"The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name’ parameter in all versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Embedpress – Embed PDF, PDF 3d Flipbook, Instagram Social Feeds, Google Docs, Vimeo, Wistia, Youtube Videos, Maps & Upload PDF Documents",6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-11-28T08:47:30.755Z,0
CVE-2024-1565,https://securityvulnerability.io/vulnerability/CVE-2024-1565,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin,"The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, AudiOS, Maps & Embed Any Documents In Gutenberg & Elementor",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-06-13T08:31:31.631Z,0
CVE-2024-5571,https://securityvulnerability.io/vulnerability/CVE-2024-5571,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin,"The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, AudiOS, Maps & Embed Any Documents In Gutenberg & Elementor",6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-06-05T09:15:00.000Z,0
CVE-2024-1803,https://securityvulnerability.io/vulnerability/CVE-2024-1803,Unauthorized Access to PDF Embed Block in EmbedPress Plugin,"The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block in all versions up to, and including, 3.9.12. This makes it possible for authenticated attackers, with contributor-level access and above, to embed PDF blocks.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, AudiOS, Maps & Embed Any Documents In Gutenberg & Elementor",4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-23T12:43:28.622Z,0
CVE-2024-4316,https://securityvulnerability.io/vulnerability/CVE-2024-4316,Stored Cross-Site Scripting Vulnerability in EmbedPress Affects All Versions Up to 3.9.16,"The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, AudiOS, Maps & Embed Any Documents In Gutenberg & Elementor",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-14T15:43:00.000Z,0
CVE-2024-3244,https://securityvulnerability.io/vulnerability/CVE-2024-3244,Stored Cross-Site Scripting in EmbedPress Plugin for WordPress,"The EmbedPress plugin for WordPress is susceptible to Stored Cross-Site Scripting through its 'embedpress_calendar' shortcode in all versions up to and including 3.9.14. This vulnerability arises from inadequate input sanitization and output escaping on attributes provided by users. As a result, authenticated attackers with contributor-level access can inject arbitrary web scripts, which consequently execute whenever a user visits an affected page, compromising the security and integrity of the websites utilizing this plugin.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, AudiOS, Maps & Embed Any Documents In Gutenberg & Elementor",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-04-09T18:58:59.605Z,0
CVE-2024-3245,https://securityvulnerability.io/vulnerability/CVE-2024-3245,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin for WordPress,"The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, AudiOS, Maps & Embed Any Documents In Gutenberg & Elementor",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-06T03:15:00.000Z,0
CVE-2024-2468,https://securityvulnerability.io/vulnerability/CVE-2024-2468,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin,"The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpress_pro_twitch_theme' attribute in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, Audios, Maps & Embed Any Documents In Gutenberg & Elementor",5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-03-23T02:32:56.446Z,0
CVE-2024-2688,https://securityvulnerability.io/vulnerability/CVE-2024-2688,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin,"The EmbedPress plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability through its document widget. This vulnerability arises from inadequate sanitization of user input and failing to escape outputs for user-supplied attributes. Authenticated attackers with contributor-level access or higher can exploit this flaw to inject arbitrary web scripts into pages. These scripts will execute in the context of user sessions, potentially compromising user data and leading to further exploitation.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, Audios, Maps & Embed Any Documents In Gutenberg & Elementor",5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-03-23T02:32:55.950Z,0
CVE-2024-1802,https://securityvulnerability.io/vulnerability/CVE-2024-1802,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin for WordPress,"The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the user supplied url. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, Audios, Maps & Embed Any Documents In Gutenberg & Elementor",5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-03-07T20:33:25.984Z,0
CVE-2024-2128,https://securityvulnerability.io/vulnerability/CVE-2024-2128,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin for WordPress,"The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, Audios, Maps & Embed Any Documents In Gutenberg & Elementor",5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2024-03-07T19:32:59.348Z,0
CVE-2024-1349,https://securityvulnerability.io/vulnerability/CVE-2024-1349,EmbedPress Plugin Vulnerable to Stored Cross-Site Scripting,"The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor",5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2024-02-29T01:43:00.000Z,0
CVE-2024-1425,https://securityvulnerability.io/vulnerability/CVE-2024-1425,EmbedPress Plugin Vulnerable to Stored Cross-Site Scripting,"The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor",5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2024-02-29T01:43:00.000Z,0
CVE-2023-6986,https://securityvulnerability.io/vulnerability/CVE-2023-6986,Stored Cross-Site Scripting in EmbedPress Plugin for WordPress,"The EmbedPress plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability through the embed_oembed_html shortcode due to inadequate input sanitization and output escaping. This flaw affects all versions up to 3.9.5 and allows attackers with contributor-level permissions or higher to inject malicious scripts into pages. When users access these pages, the injected scripts execute, potentially compromising their data and security.",Wordpress,"EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor",6.4,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2024-01-03T07:15:00.000Z,0
CVE-2023-5749,https://securityvulnerability.io/vulnerability/CVE-2023-5749,EmbedPress < 3.9.2 - Reflected XSS,"The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,EmbedPress,6.1,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2023-12-11T20:15:00.000Z,0
CVE-2023-5750,https://securityvulnerability.io/vulnerability/CVE-2023-5750,EmbedPress < 3.9.2 - Reflected XSS,"The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,EmbedPress,6.1,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2023-12-11T20:15:00.000Z,0
CVE-2023-3371,https://securityvulnerability.io/vulnerability/CVE-2023-3371,Sensitive Information Exposure in User Registration Plugin for WordPress,"The User Registration plugin for WordPress suffers from a vulnerability that allows attackers to expose sensitive information due to a hardcoded encryption key in the 'lock_content_form_handler' and 'display_password_form' functions. This flaw affects versions up to and including 3.7.3, enabling unauthenticated users to decrypt and gain access to password-protected content without authorization. Users are advised to update their plugin to mitigate the risk associated with this vulnerability.",Wordpress,"Embedpress – Embed PDF, Youtube, Google Docs, Vimeo, Wistia Videos, AudiOS, Maps & Any Documents In Gutenberg & Elementor",5.3,MEDIUM,0.0015999999595806003,false,,false,false,false,,,false,false,,2023-06-27T02:15:00.000Z,0