WordPress Plugin Vulnerability Report – EmbedPress – Missing Authorization

Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,004,277 Active Installs: 80,000 Last Updated: December 8, 2023 Patched Versions: NA Affected Versions: <= 3.9.4 Vulnerability Details: Name: EmbedPress <= 3.9.4 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVSS Score: 5.3 (Medium) Publicly Published: December 8, 2023 Description: The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia…

Read More

WordPress Plugin Vulnerability Report – EmbedPress – Draft Vulnerability

Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 1,889,041 Active Installs: 80,000 Last Updated: November 17, 2023 Patched Versions: 3.9.2 Affected Versions: <= 3.9.1 Vulnerability Details: Name: Draft Vulnerability for EmbedPress 3.9.2 Title: Draft Vulnerability Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVSS Score: 6.1 (Medium) Publicly Published: November 17, 2023 Description: The EmbedPress –…

Read More

WordPress Plugin Vulnerability Report: EmbedPress – Cross-Site Request Forgery

Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 1,709,151 Active Installs: 80,000 Last Updated: September 8, 2023 Patched Versions: 3.8.4 Affected Versions: <3.8.4 Vulnerability Details: Name: EmbedPress <= 3.8.3 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium) Publicly Published:…

Read More