Vulnerabilities > Wpdeveloper

DATE CVE VULNERABILITY TITLE RISK
2024-06-21 CVE-2023-51375 Unspecified vulnerability in Wpdeveloper Embedpress
Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.8.3.
network
low complexity
wpdeveloper
8.8
2024-06-21 CVE-2024-5058 Unspecified vulnerability in Wpdeveloper Typing Text
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Typing Text allows Stored XSS.This issue affects Typing Text: from n/a through 1.2.5.
network
low complexity
wpdeveloper
5.4
2024-06-13 CVE-2024-1565 Cross-site Scripting vulnerability in Wpdeveloper Embedpress
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wpdeveloper CWE-79
5.4
2024-06-09 CVE-2024-31284 Unspecified vulnerability in Wpdeveloper Embedpress
Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.8.
network
low complexity
wpdeveloper
critical
9.8
2024-06-09 CVE-2024-31274 Unspecified vulnerability in Wpdeveloper Embedpress
Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.11.
network
low complexity
wpdeveloper
5.3
2024-06-09 CVE-2024-30467 Unspecified vulnerability in Wpdeveloper Essential Blocks
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg.This issue affects Essential Blocks for Gutenberg: from n/a through 4.4.9.
network
low complexity
wpdeveloper
8.8
2024-06-07 CVE-2024-5612 Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor
The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping.
network
low complexity
wpdeveloper CWE-79
5.4
2024-06-06 CVE-2024-5188 Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_events' function in all versions up to, and including, 5.9.22 due to insufficient input sanitization and output escaping.
network
low complexity
wpdeveloper CWE-79
5.4
2024-06-05 CVE-2024-5571 Cross-site Scripting vulnerability in Wpdeveloper Embedpress
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wpdeveloper CWE-79
5.4
2024-02-05 CVE-2024-0585 Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL.
network
low complexity
wpdeveloper CWE-79
5.4