GCVE - cpe:2.3:a:wpdevteam:embedpress_–_embed_pdf,_youtube,_google_docs,_vimeo,_wistia_videos,_audios,_maps_&_any_documents_in_gutenberg_&

Approved changes feed: RSS · Atom

cpe:2.3:a:wpdevteam:embedpress_–_embed_pdf,_youtube,_google_docs,_vimeo,_wistia_videos,_audios,_maps_&_any_documents_in_gutenberg_&_elementor:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Wpdevteam (`a4902ce9-e562-585a-9979-c349db19e370`)
Product	Embedpress – Embed Pdf, Youtube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents In Gutenberg & Elementor (`0025241d-0dd2-57e4-bc6b-5d1fc65a48ab`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-4283`	vulnerable	2026-06-03 14:53:27.699815	EmbedPress <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode MEDIUM (6.4) The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2023-08-10T11:05:43.454Z Updated: 2026-04-08T17:16:37.823Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/b340eda1-e9d2-40b6-89f9-41d995ce3555?source=cve https://plugins.trac.wordpress.org/browser/embedpress/tags/3.8.2/EmbedPress/ThirdParty/Googlecalendar/Embedpress_Google_Helper.php#L522 https://plugins.trac.wordpress.org/changeset/2950211/embedpress#file18	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3371`	vulnerable	2026-06-03 14:52:40.645130	EmbedPress <= 3.7.3 - Sensitive Information Exposure MEDIUM (5.3) The EmbedPress plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password protected content. Published: 2023-06-27T01:55:28.259Z Updated: 2026-04-08T17:19:46.681Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/c1033b4d-82a0-4484-aebf-f35d6a2a9a13?source=cve https://plugins.trac.wordpress.org/browser/embedpress/tags/3.7.3/Gutenberg/block-backend/block-embedpress.php#L30 https://plugins.trac.wordpress.org/browser/embedpress/tags/3.7.3/EmbedPress/Includes/Classes/Helper.php#L231 https://plugins.trac.wordpress.org/browser/embedpress/tags/3.7.3/EmbedPress/Includes/Classes/Helper.php#L278 https://plugins.trac.wordpress.org/changeset/2930523/embedpress#file10	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Embedpress – Embed Pdf, Youtube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents In Gutenberg & Elementor

PURL mappings

Vulnerability references

Contribute