Plugin Vulnerability Hub
Plugin · 27 known issues · Latest disclosed Nov 27, 2024

EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more Vulnerabilities

Review known vulnerability records for the WordPress plugin EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more (`embedpress`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-11203, CVE-2024-50461 and CVE-2024-43936, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 27
High or Critical: 1
Patch Coverage: 100%
Last Updated: Nov 28, 2024

Priority CVE Quick Links

Fast paths into EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs: 26

CVE-2024-43328 (Critical, patched in 4.0.10): Local File Inclusion

EmbedPress <= 4.0.9 - Unauthenticated Local File Inclusion

CVE-2024-11203 (Medium, patched in 4.1.4): Stored Cross-Site Scripting

EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name'

CVE-2024-50461 (Medium, patched in 4.1.0): Stored Cross-Site Scripting

EmbedPress <= 4.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-43936 (Medium, patched in 4.0.9): Stored Cross-Site Scripting

EmbedPress <= 4.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-1565 (Medium, patched in 3.9.11): Stored Cross-Site Scripting

EmbedPress <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via PDF Widget URL

CVE-2024-5571 (Medium, patched in 4.0.2): Stored Cross-Site Scripting

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget

CVE-2024-4316 (Medium, patched in 3.9.17): Stored Cross-Site Scripting

EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

CVE-2024-3244 (Medium, patched in 3.9.15): Stored Cross-Site Scripting

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 27 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 1 critical and 0 high severity findings.
Recent CVEs: CVE-2024-11203, CVE-2024-50461 and CVE-2024-43936
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2024-11203 Medium Patch path listed

CVE-2024-11203: EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name'

The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to St...

Published: Nov 27, 2024
Patch Status: 4.1.4

Known Vulnerabilities

Reports for EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-11203
CVE-2024-11203: EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name'

The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name’ parameter in all versions up to, and incl...

Published: Nov 27, 2024
Patched Release: 4.1.4
Affected Versions: Versions up to 4.1.3
Next Step: Update to 4.1.4 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-50461
CVE-2024-50461: EmbedPress <= 4.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to in...

Published: Oct 24, 2024
Patched Release: 4.1.0
Affected Versions: Versions up to 4.0.14
Next Step: Update to 4.1.0 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-43936
CVE-2024-43936: EmbedPress <= 4.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inj...

Published: Aug 26, 2024
Patched Release: 4.0.9
Affected Versions: Versions up to 4.0.8
Next Step: Update to 4.0.9 or newer if supported.

Plugin Critical Patched: Yes CVE-2024-43328
CVE-2024-43328: EmbedPress <= 4.0.9 - Unauthenticated Local File Inclusion

The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.9 via the 'page_type' paramet...

Published: Aug 16, 2024
Patched Release: 4.0.10
Affected Versions: Versions up to 4.0.9
Next Step: Update to 4.0.10 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-38707
CVE-2024-38707: EmbedPress <= 4.0.4 - Missing Authorization

The EmbedPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions like get_instagram_userdata_ajax, sync_instagram_data_ajax, and delete_instagram_account in versions up to, and including, 4.0.4. This mak...

Published: Jul 11, 2024
Patched Release: 4.0.5
Affected Versions: Versions up to 4.0.4
Next Step: Update to 4.0.5 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-1565
CVE-2024-1565: EmbedPress <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient...

Published: Jun 12, 2024
Patched Release: 3.9.11
Affected Versions: Versions up to 3.9.10
Next Step: Update to 3.9.11 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-5571
CVE-2024-5571: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all ver...

Published: Jun 04, 2024
Patched Release: 4.0.2
Affected Versions: Versions up to 4.0.1
Next Step: Update to 4.0.2 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-1803
CVE-2024-1803: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Insufficient Authorization Checks to Block Usual

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block...

Published: May 22, 2024
Patched Release: 3.9.13
Affected Versions: Versions up to 3.9.12
Next Step: Update to 3.9.13 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-4316
CVE-2024-4316: EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to i...

Published: May 09, 2024
Patched Release: 3.9.17
Affected Versions: Versions up to 3.9.16
Next Step: Update to 3.9.17 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-31274
CVE-2024-31274: EmbedPress <= 3.9.11 - Missing Authorization

The EmbedPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_source_data and save_source_data functions in versions up to, and including, 3.9.11. This makes it possible for unauthenticated attackers to modify data source...

Published: Apr 05, 2024
Patched Release: 3.9.12
Affected Versions: Versions up to 3.9.11
Next Step: Update to 3.9.12 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-31284
CVE-2024-31284: EmbedPress <= 3.9.8 - Missing Authorization via handle_calendly_data

The EmbedPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handle_calendly_data() function in versions up to, and including, 3.9.8. This makes it possible for unauthenticated attackers to update calendly settings.

Published: Apr 05, 2024
Patched Release: 3.9.9
Affected Versions: Versions up to 3.9.8
Next Step: Update to 3.9.9 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-3244
CVE-2024-3244: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_calendar' shortcode in all versions up to, and...

Published: Apr 05, 2024
Patched Release: 3.9.15
Affected Versions: Versions up to 3.9.14
Next Step: Update to 3.9.15 or newer if supported.