Vulnerabilities > Wpdeveloper > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-10 | CVE-2023-4283 | Unspecified vulnerability in Wpdeveloper Embedpress The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-07-20 | CVE-2023-3779 | Unspecified vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. | 5.3 |
| 2023-07-01 | CVE-2020-36744 | Unspecified vulnerability in Wpdeveloper Notificationx The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. | 4.3 |
| 2023-06-09 | CVE-2023-2083 | Unspecified vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. | 4.3 |
| 2023-06-09 | CVE-2023-2084 | Unspecified vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. | 4.3 |
| 2023-06-09 | CVE-2023-2085 | Unspecified vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. | 4.3 |
| 2023-06-09 | CVE-2023-2086 | Unspecified vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. | 4.3 |
| 2023-06-09 | CVE-2023-2087 | Unspecified vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. | 4.3 |
| 2022-02-24 | CVE-2022-0683 | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the ~/includes/Traits/Helper.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. | 4.3 |
| 2021-09-27 | CVE-2021-24633 | Missing Authorization vulnerability in Wpdeveloper Countdown Block The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users. | 4.0 |