wpdeveloper embedpress CVE 漏洞(26)

CVE 數: 26 CPE versions: View versions table

摘要

本頁列出影響 wpdeveloper embedpress 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。

顯示 212626 CVE 數
«« 第一頁 « 上一頁 第 2 / 2 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2023-6986 The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in page [email protected] 6.4 0.43% 2024-01-03 2026-06-17
CVE-2023-5750 The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin [email protected] 6.1 0.47% 2023-12-11 2026-06-17
CVE-2023-5749 The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin [email protected] 6.1 0.62% 2023-12-11 2026-06-17
CVE-2023-4283 The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. [email protected] 6.4 0.42% 2023-08-10 2026-06-17
CVE-2023-4282 The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings. [email protected] 5.4 0.42% 2023-08-10 2026-06-17
CVE-2023-3371 The EmbedPress plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password protected content. [email protected] 5.3 0.54% 2023-06-26 2026-06-17
«« 第一頁 « 上一頁 第 2 / 2 頁 下一頁 »
cvelogic Threat Intelligence