Vulnerabilities > Mpembed

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-16	CVE-2023-4289	Unspecified vulnerability in Mpembed WP Matterport Shortcode The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks network low complexity mpembed	5.4
2023-10-16	CVE-2023-4290	Unspecified vulnerability in Mpembed WP Matterport Shortcode The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin network low complexity mpembed	6.1
2023-08-30	CVE-2023-35094	Cross-site Scripting vulnerability in Mpembed WP Matterport Shortcode Auth. network low complexity mpembed CWE-79	5.4

Vulnerabilities > Mpembed {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Mpembed"}]}