cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1565,https://securityvulnerability.io/vulnerability/CVE-2024-1565,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin,"The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, AudiOS, Maps & Embed Any Documents In Gutenberg & Elementor",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-06-13T08:31:31.631Z,0
CVE-2024-5571,https://securityvulnerability.io/vulnerability/CVE-2024-5571,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin,"The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, AudiOS, Maps & Embed Any Documents In Gutenberg & Elementor",6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-06-05T09:15:00.000Z,0
CVE-2024-1803,https://securityvulnerability.io/vulnerability/CVE-2024-1803,Unauthorized Access to PDF Embed Block in EmbedPress Plugin,"The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block in all versions up to, and including, 3.9.12. This makes it possible for authenticated attackers, with contributor-level access and above, to embed PDF blocks.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, AudiOS, Maps & Embed Any Documents In Gutenberg & Elementor",4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-23T12:43:28.622Z,0
CVE-2024-4316,https://securityvulnerability.io/vulnerability/CVE-2024-4316,Stored Cross-Site Scripting Vulnerability in EmbedPress Affects All Versions Up to 3.9.16,"The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, AudiOS, Maps & Embed Any Documents In Gutenberg & Elementor",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-14T15:43:00.000Z,0
CVE-2024-3244,https://securityvulnerability.io/vulnerability/CVE-2024-3244,Stored Cross-Site Scripting in EmbedPress Plugin for WordPress,"The EmbedPress plugin for WordPress is susceptible to Stored Cross-Site Scripting through its 'embedpress_calendar' shortcode in all versions up to and including 3.9.14. This vulnerability arises from inadequate input sanitization and output escaping on attributes provided by users. As a result, authenticated attackers with contributor-level access can inject arbitrary web scripts, which consequently execute whenever a user visits an affected page, compromising the security and integrity of the websites utilizing this plugin.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, AudiOS, Maps & Embed Any Documents In Gutenberg & Elementor",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-04-09T18:58:59.605Z,0
CVE-2024-3245,https://securityvulnerability.io/vulnerability/CVE-2024-3245,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin for WordPress,"The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, AudiOS, Maps & Embed Any Documents In Gutenberg & Elementor",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-06T03:15:00.000Z,0
CVE-2024-2468,https://securityvulnerability.io/vulnerability/CVE-2024-2468,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin,"The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpress_pro_twitch_theme ' attribute in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, Audios, Maps & Embed Any Documents In Gutenberg & Elementor",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-23T02:32:56.446Z,0
CVE-2024-2688,https://securityvulnerability.io/vulnerability/CVE-2024-2688,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin,"The EmbedPress plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability through its document widget. This vulnerability arises from inadequate sanitization of user input and failing to escape outputs for user-supplied attributes. Authenticated attackers with contributor-level access or higher can exploit this flaw to inject arbitrary web scripts into pages. These scripts will execute in the context of user sessions, potentially compromising user data and leading to further exploitation.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, Audios, Maps & Embed Any Documents In Gutenberg & Elementor",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-23T02:32:55.950Z,0
CVE-2024-1802,https://securityvulnerability.io/vulnerability/CVE-2024-1802,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin for WordPress,"The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the user supplied url. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, Audios, Maps & Embed Any Documents In Gutenberg & Elementor",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-07T20:33:25.984Z,0
CVE-2024-2128,https://securityvulnerability.io/vulnerability/CVE-2024-2128,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin for WordPress,"The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Embedpress – Embed PDF, Google Docs, Vimeo, Wistia, Embed Youtube Videos, Audios, Maps & Embed Any Documents In Gutenberg & Elementor",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-03-07T19:32:59.348Z,0
CVE-2024-1425,https://securityvulnerability.io/vulnerability/CVE-2024-1425,EmbedPress Plugin Vulnerable to Stored Cross-Site Scripting,"The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor",5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1349,https://securityvulnerability.io/vulnerability/CVE-2024-1349,EmbedPress Plugin Vulnerable to Stored Cross-Site Scripting,"The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor",5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2023-6986,https://securityvulnerability.io/vulnerability/CVE-2023-6986,Stored Cross-Site Scripting in EmbedPress Plugin for WordPress,"The EmbedPress plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability through the embed_oembed_html shortcode due to inadequate input sanitization and output escaping. This flaw affects all versions up to 3.9.5 and allows attackers with contributor-level permissions or higher to inject malicious scripts into pages. When users access these pages, the injected scripts execute, potentially compromising their data and security.",Wordpress,"EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor",6.4,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2024-01-03T07:15:00.000Z,0
CVE-2023-4282,https://securityvulnerability.io/vulnerability/CVE-2023-4282,Unauthorized Data Loss in EmbedPress Plugin for WordPress,"The EmbedPress plugin for WordPress contains a flaw that allows authenticated users with subscriber privileges or higher to bypass security checks. This vulnerability arises from a missing capability check in the 'admin_post_remove' and 'remove_private_data' functions. As a result, these users can delete critical plugin settings, leading to unauthorized loss of data within the application. It is crucial for users of EmbedPress to update to the latest version to mitigate this risk and ensure the integrity of their data.",Wordpress,"EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor",4.3,MEDIUM,0.0006600000197067857,false,,false,false,false,,false,false,2023-08-10T12:15:00.000Z,0
CVE-2023-4283,https://securityvulnerability.io/vulnerability/CVE-2023-4283,Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin for WordPress,"The EmbedPress plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping on user-supplied attributes within the 'embedpress_calendar' shortcode. This vulnerability allows authenticated attackers with contributor-level access and higher to inject arbitrary scripts into web pages. Consequently, these scripts can execute whenever a user visits an affected page, leading to potential data compromise and session hijacking.",Wordpress,"EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor",5.4,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2023-08-10T12:15:00.000Z,0
CVE-2023-3371,https://securityvulnerability.io/vulnerability/CVE-2023-3371,Sensitive Information Exposure in User Registration Plugin for WordPress,"The User Registration plugin for WordPress suffers from a vulnerability that allows attackers to expose sensitive information due to a hardcoded encryption key in the 'lock_content_form_handler' and 'display_password_form' functions. This flaw affects versions up to and including 3.7.3, enabling unauthenticated users to decrypt and gain access to password-protected content without authorization. Users are advised to update their plugin to mitigate the risk associated with this vulnerability.",Wordpress,"Embedpress – Embed PDF, Youtube, Google Docs, Vimeo, Wistia Videos, AudiOS, Maps & Any Documents In Gutenberg & Elementor",5.3,MEDIUM,0.0015999999595806003,false,,false,false,false,,false,false,2023-06-27T02:15:00.000Z,0