EmbedPress
WPDeveloper
Developer
4.4.11
Latest version
100,000
Installations
No date
Last updated
Vulnerability history
0 present
27 patched
9 Mitigation rules
- Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL vulnerability<= 3.9.1002/02/2026
- Authenticated (Contributor+) Stored Cross-site Scripting via 'embedpress_doc_custom_color' vulnerability<= 3.9.1202/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block vulnerability<= 3.9.1402/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name' vulnerability<= 4.1.327/11/2024
- Cross Site Scripting (XSS) vulnerability<= 4.0.1424/10/2024
- Cross Site Scripting (XSS) vulnerability<= 4.0.826/08/2024
- Local File Inclusion vulnerability<= 4.0.916/08/2024
- Broken Access Control vulnerability<= 4.0.411/07/2024
- Cross Site Scripting (XSS) vulnerability<= 4.0.227/06/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget vulnerability<= 4.0.105/06/2024
- Insufficient Authorization Checks vulnerability<= 3.9.1224/05/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability<= 3.9.1610/05/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.9.1408/04/2024
- Broken Access Control vulnerability<= 3.9.805/04/2024
- Broken Access Control vulnerability<= 3.9.1105/04/2024
- Authenticated(Contributor+) Stored Cross-Site Scripting via Attribute vulnerability<= 3.9.1225/03/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Wistia Block vulnerability<= 3.9.1007/03/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget vulnerability<= 3.9.1007/03/2024
- Authenticated(Contributor+) Stored Cross-Site Scripting via Google Calendar Widget Link vulnerability<= 3.9.815/02/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.9.815/02/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability< 3.9.503/01/2024
- Broken Access Control vulnerability<= 3.8.326/12/2023
- Reflected Cross-Site Scripting via the hash parameter vulnerability<= 3.9.117/11/2023
- Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability<= 3.8.210/08/2023
- Subscriber+ Plugin Settings Delete vulnerability<= 3.8.210/08/2023
- Reflected Cross Site Scripting (XSS) vulnerability<= 2.0.219/07/2023
- Sensitive Information Exposure vulnerability<= 3.7.326/06/2023