🦸 Calling all superheroes! Introducing the WordPress Superhero Challenge for the Wordfence Bug Bounty Program: Earn up to $31,200 for High Impact Vulnerabilities! Through October 14th, 2024, all vulnerabilities reported in plugins or themes with >= 5,000,000 active installs will be 3x our highest bounty rewards making our top reward $31,200. Check out the updated bounties here!

EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor

Information

Software Type	Plugin
Software Slug	embedpress (view on wordpress.org)
Software Status	Active
Software Author	wpdevteam
Software Website	embedpress.com
Software Downloads	3,195,318
Software Active Installs	100,000
Software Record Last Updated	September 16, 2024

Showing 21-27 of 27 Vulnerabilities

Submit a Vulnerability

EmbedPress <= 4.0.4 - Missing Authorization

5.3

CVE-2024-38707

Jul 11, 2024

Researcher: Rafie Muhammad

EmbedPress <= 3.9.11 - Missing Authorization

5.3

CVE-2024-31274

Apr 5, 2024

Researcher: Mika

EmbedPress <= 3.9.8 - Missing Authorization via handle_calendly_data

5.3

CVE-2024-31284

Apr 5, 2024

Researcher: Majed Refaea

EmbedPress <= 3.9.4 - Missing Authorization

5.3

CVE ID Unknown

Dec 8, 2023

Researchers:

EmbedPress <= 3.7.3 - Sensitive Information Exposure

5.3

CVE-2023-3371

Jun 26, 2023

Researcher: István Márton

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Insufficient Authorization Checks to Block Usual

4.3

CVE-2024-1803

May 22, 2024

Researchers: Ngô Thiên An (ancorn_), Dau Hoang Tai

EmbedPress <= 3.8.3 - Cross-Site Request Forgery

4.3

CVE-2023-51375

Sep 7, 2023

Researcher: Abdi Pranata

Title	Status	CVE ID	CVSS	Researchers	Date
EmbedPress <= 4.0.4 - Missing Authorization	Patched	CVE-2024-38707	5.3	Rafie Muhammad	July 11, 2024
EmbedPress <= 3.9.11 - Missing Authorization	Patched	CVE-2024-31274	5.3	Mika	April 5, 2024
EmbedPress <= 3.9.8 - Missing Authorization via handle_calendly_data	Patched	CVE-2024-31284	5.3	Majed Refaea	April 5, 2024
EmbedPress <= 3.9.4 - Missing Authorization	Patched		5.3		December 8, 2023
EmbedPress <= 3.7.3 - Sensitive Information Exposure	Patched	CVE-2023-3371	5.3	István Márton	June 26, 2023
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Insufficient Authorization Checks to Block Usual	Patched	CVE-2024-1803	4.3	Ngô Thiên An (ancorn_), Dau Hoang Tai	May 22, 2024
EmbedPress <= 3.8.3 - Cross-Site Request Forgery	Patched	CVE-2023-51375	4.3	Abdi Pranata	September 7, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation