Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more, with AI-generated Chinese analysis, references, and POCs.

This page aggregates known security weaknesses, vulnerabilities, and CVEs associated with the EmbedPress WordPress plugin. The collection includes issues ranging from cross-site scripting and file inclusion flaws to authorization bypasses that affect the PDF embedder, video embedding, 3D flipbook, and social feed modules. This database covers vulnerability reports released between 2020 and 2024, providing a comprehensive historical view of security incidents impacting this specific product. Users can explore detailed descriptions of each weakness, review the timeline of disclosure and patching, and analyze how the vendor has responded to different threat classes over time. The goal is to provide clear visibility into the security posture of EmbedPress, enabling administrators, developers, and security researchers to assess risk levels and make informed decisions about deployment and updates. By centralizing these data points, the page serves as a reference for understanding the nature and frequency of security flaws in this popular WordPress extension. It supports informed decision-making by highlighting patterns in vulnerability types and remediation speeds, helping users evaluate the reliability and maintenance practices of the EmbedPress ecosystem without relying on speculative or unverified information.

Vendor: wpdevteam

CVE IDTitleCVSSSeverityPublished
CVE-2024-11203 EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name' CWE-79 6.4 Medium2024-11-28
CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL CWE-79 6.4 Medium2024-06-13
CVE-2024-5571 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget CWE-79 6.4 Medium2024-06-05
CVE-2024-1803 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Insufficient Authorization Checks to Block Usual CWE-285 4.3 Medium2024-05-23
CVE-2024-4316 EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter CWE-79 6.4 Medium2024-05-09
CVE-2024-3244 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2024-04-09
CVE-2024-3245 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block CWE-79 6.4 Medium2024-04-06
CVE-2024-2468 EmbedPress <= 3.9.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Attribute CWE-79 6.4 Medium2024-03-23
CVE-2024-2688 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Authenticated (Contributor+) Stored Cross-site Scripting via 'embedpress_doc_custom_color' CWE-79 5.4 Medium2024-03-23
CVE-2024-1802 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wistia Block CWE-79 6.4 Medium2024-03-07
CVE-2024-2128 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget CWE-79 6.4 Medium2024-03-07
CVE-2024-1349 EmbedPress <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2024-02-20
CVE-2024-1425 EmbedPress <= 3.9.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Google Calendar Widget Link CWE-79 6.4 Medium2024-02-20
CVE-2023-6986 EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2024-01-03
CVE-2023-4282 EmbedPress <= 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Delete via admin_post_remove and remove_private_data CWE-862 5.4 Medium2023-08-10
CVE-2023-4283 EmbedPress <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2023-08-10
CVE-2023-3371 EmbedPress <= 3.7.3 - Sensitive Information Exposure CWE-321 5.3 Medium2023-06-27

All 17 known CVE vulnerabilities affecting EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more with full Chinese analysis, references, and POCs where available.