EmbedPress

WPDeveloper

Developer

4.4.10

Latest version

100,000

Installations

No date

Last updated

WordPress Plugin

No VDP

Claim ownership

Report vulnerability

Vulnerabilities

Security Contributors

Vulnerability history

0 present

27 patched

9 Mitigation rules

Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL vulnerability
<= 3.9.10
Feb 2, 2026
Authenticated (Contributor+) Stored Cross-site Scripting via 'embedpress_doc_custom_color' vulnerability
<= 3.9.12
Feb 2, 2026
Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block vulnerability
<= 3.9.14
Feb 2, 2026
Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name' vulnerability
<= 4.1.3
Nov 27, 2024
Cross Site Scripting (XSS) vulnerability
<= 4.0.14
Oct 24, 2024
Cross Site Scripting (XSS) vulnerability
<= 4.0.8
Aug 26, 2024
Local File Inclusion vulnerability
<= 4.0.9
Aug 16, 2024
Broken Access Control vulnerability
<= 4.0.4
Jul 11, 2024
Cross Site Scripting (XSS) vulnerability
<= 4.0.2
Jun 27, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget vulnerability
<= 4.0.1
Jun 5, 2024
Insufficient Authorization Checks vulnerability
<= 3.9.12
May 24, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability
<= 3.9.16
May 10, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
<= 3.9.14
Apr 8, 2024
Broken Access Control vulnerability
<= 3.9.8
Apr 5, 2024
Broken Access Control vulnerability
<= 3.9.11
Apr 5, 2024
Authenticated(Contributor+) Stored Cross-Site Scripting via Attribute vulnerability
<= 3.9.12
Mar 25, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Wistia Block vulnerability
<= 3.9.10
Mar 7, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget vulnerability
<= 3.9.10
Mar 7, 2024
Authenticated(Contributor+) Stored Cross-Site Scripting via Google Calendar Widget Link vulnerability
<= 3.9.8
Feb 15, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
<= 3.9.8
Feb 15, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
< 3.9.5
Jan 3, 2024
Broken Access Control vulnerability
<= 3.8.3
Dec 26, 2023
Reflected Cross-Site Scripting via the hash parameter vulnerability
<= 3.9.1
Nov 17, 2023
Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability
<= 3.8.2
Aug 10, 2023
Subscriber+ Plugin Settings Delete vulnerability
<= 3.8.2
Aug 10, 2023
Reflected Cross Site Scripting (XSS) vulnerability
<= 2.0.2
Jul 19, 2023
Sensitive Information Exposure vulnerability
<= 3.7.3
Jun 26, 2023