Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 28 known issues Latest disclosed Jun 05, 2026

EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more Vulnerabilities

Q: How many EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more vulnerabilities have patch guidance?

28 of 28 tracked EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more records include a published patch path.

Review known vulnerability records for the WordPress plugin EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more (`embedpress`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-7796, CVE-2024-11203 and CVE-2024-50461, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Jun 06, 2026

Related Security Guides

Use these guides while reviewing EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more fixes

Pair this plugin vulnerability hub with practical WordPress hardening, scanner, and patch workflow guidance.

Hardening

WordPress hardening checklist for exposed plugins

Review patch cadence, privileged access, XML-RPC exposure, backups, and monitoring controls.

Plugin Security

WordPress plugin security basics for patch decisions

Use ownership, update testing, least privilege, and removal criteria to reduce plugin risk.

Scanning

WordPress vulnerability scanner buyer's guide

Compare scanner coverage for plugin CVEs, version detection, alert noise, and remediation workflow.

Patch Decision Workflow

How to prioritize EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more remediation

Use the hub as a decision layer before opening individual records: confirm whether the issue has a CVE, whether a fixed version exists, and whether the affected range overlaps production installs.

Search-Ready Records

1. Match the Package

Confirm the installed WordPress plugin slug is embedpress before acting on any CVE from this cluster.

2. Sort by Severity

Start with 1 high or critical record, then review medium and unrated findings with public references.

3. Check Patch Evidence

28 records include a patch path; verify compatibility before closing the finding.

4. Monitor Gaps

0 records still lack a listed fixed release, so keep this hub in the review queue.

High-Signal Remediation Targets

CVE-2024-43328 Critical

Local File Inclusion remediation for EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more

Affected range: Versions up to 4.0.9. Fixed version: 4.0.10.

CVE-2026-7796 Medium

Stored Cross-Site Scripting remediation for EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more

Affected range: Versions up to 4.5.3. Fixed version: 4.5.4.

CVE-2024-11203 Medium

Stored Cross-Site Scripting remediation for EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more

Affected range: Versions up to 4.1.3. Fixed version: 4.1.4.

CVE-2024-50461 Medium

Stored Cross-Site Scripting remediation for EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more

Affected range: Versions up to 4.0.14. Fixed version: 4.1.0.

Priority CVE Quick Links

Fast paths into EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

Tracked CVE	Issue Type	Affected Versions	Fixed Version	CVSS
CVE-2024-43328 EmbedPress <= 4.0.9 - Unauthenticated Local File Inclusion	Local File Inclusion	Versions up to 4.0.9	4.0.10	CVSS 9.8
CVE-2026-7796 EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via B...	Stored Cross-Site Scripting	Versions up to 4.5.3	4.5.4	CVSS 6.4
CVE-2024-11203 EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTu...	Stored Cross-Site Scripting	Versions up to 4.1.3	4.1.4	CVSS 6.4
CVE-2024-50461 EmbedPress <= 4.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting	Stored Cross-Site Scripting	Versions up to 4.0.14	4.1.0	CVSS 6.4
CVE-2024-43936 EmbedPress <= 4.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	Stored Cross-Site Scripting	Versions up to 4.0.8	4.0.9	CVSS 6.4
CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via P...	Stored Cross-Site Scripting	Versions up to 3.9.10	3.9.11	CVSS 6.4
CVE-2024-5571 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Ma...	Stored Cross-Site Scripting	Versions up to 4.0.1	4.0.2	CVSS 6.4
CVE-2024-4316 EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps...	Stored Cross-Site Scripting	Versions up to 3.9.16	3.9.17	CVSS 6.4

CVE-2024-43328 Critical 4.0.10

CVE-2024-43328 EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more Local File Inclusion

EmbedPress <= 4.0.9 - Unauthenticated Local File Inclusion

CVE-2026-7796 Medium 4.5.4

CVE-2026-7796 EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more Stored Cross-Site Scripting

EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block 'url' Attribute

CVE-2024-11203 Medium 4.1.4

CVE-2024-11203 EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more Stored Cross-Site Scripting

EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name'

CVE-2024-50461 Medium 4.1.0

CVE-2024-50461 EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more Stored Cross-Site Scripting

EmbedPress <= 4.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-43936 Medium 4.0.9

CVE-2024-43936 EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more Stored Cross-Site Scripting

EmbedPress <= 4.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-1565 Medium 3.9.11

CVE-2024-1565 EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more Stored Cross-Site Scripting

EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

CVE-2024-5571 Medium 4.0.2

CVE-2024-5571 EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more Stored Cross-Site Scripting

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget

CVE-2024-4316 Medium 3.9.17

CVE-2024-4316 EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more Stored Cross-Site Scripting

EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

Coverage Snapshot

What this page helps you verify fast

This hub clusters tracked records for EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

28 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

1 critical and 0 high severity findings.

Recent CVEs

CVE-2026-7796, CVE-2024-11203 and CVE-2024-50461

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2026-7796 Medium Patch path listed

CVE-2026-7796: EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block 'url' Attribute

The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attrib...

Published

Jun 05, 2026

Patch Status

4.5.4

Review CVE-2026-7796 affected versions

CVE-2024-11203 Medium Patch path listed

CVE-2024-11203: EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name'

The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to St...

Published

Nov 27, 2024

Patch Status

4.1.4

Review CVE-2024-11203 affected versions

CVE-2024-50461 Medium Patch path listed

CVE-2024-50461: EmbedPress <= 4.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This mak...

Published

Oct 24, 2024

Patch Status

4.1.0

Review CVE-2024-50461 affected versions

Known Vulnerabilities

Reports for EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-7796

CVE-2026-7796: EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block 'url' Attribute

The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and...

Published

Jun 05, 2026

Patched Release

4.5.4

Affected Versions

Versions up to 4.5.3

Next Step

Update to 4.5.4 or newer if supported.

Review CVE-2026-7796 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-11203

CVE-2024-11203: EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name'

The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name parameter in all versions up to, and incl...

Published

Nov 27, 2024

Patched Release

4.1.4

Affected Versions

Versions up to 4.1.3

Next Step

Update to 4.1.4 or newer if supported.

Review CVE-2024-11203 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-50461

CVE-2024-50461: EmbedPress <= 4.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to in...

Published

Oct 24, 2024

Patched Release

4.1.0

Affected Versions

Versions up to 4.0.14

Next Step

Update to 4.1.0 or newer if supported.

Review CVE-2024-50461 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-43936

CVE-2024-43936: EmbedPress <= 4.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inj...

Published

Aug 26, 2024

Patched Release

4.0.9

Affected Versions

Versions up to 4.0.8

Next Step

Update to 4.0.9 or newer if supported.

Review CVE-2024-43936 fixed version details Open CVE Reference

Plugin Critical Patched: Yes CVE-2024-43328

CVE-2024-43328: EmbedPress <= 4.0.9 - Unauthenticated Local File Inclusion

The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.9 via the 'page_type' paramet...

Published

Aug 16, 2024

Patched Release

4.0.10

Affected Versions

Versions up to 4.0.9

Next Step

Update to 4.0.10 or newer if supported.

Review CVE-2024-43328 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-38707

CVE-2024-38707: EmbedPress <= 4.0.4 - Missing Authorization

The EmbedPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions like get_instagram_userdata_ajax, sync_instagram_data_ajax, and delete_instagram_account in versions up to, and including, 4.0.4. This mak...

Published

Jul 11, 2024

Patched Release

4.0.5

Affected Versions

Versions up to 4.0.4

Next Step

Update to 4.0.5 or newer if supported.

Review CVE-2024-38707 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-1565

CVE-2024-1565: EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient...

Published

Jun 12, 2024

Patched Release

3.9.11

Affected Versions

Versions up to 3.9.10

Next Step

Update to 3.9.11 or newer if supported.

Review CVE-2024-1565 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-5571

CVE-2024-5571: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all ver...

Published

Jun 04, 2024

Patched Release

4.0.2

Affected Versions

Versions up to 4.0.1

Next Step

Update to 4.0.2 or newer if supported.

Review CVE-2024-5571 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-1803

CVE-2024-1803: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Insufficient Authorization Checks to Block Usual

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block...

Published

May 22, 2024

Patched Release

3.9.13

Affected Versions

Versions up to 3.9.12

Next Step

Update to 3.9.13 or newer if supported.

Review CVE-2024-1803 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-4316

CVE-2024-4316: EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to i...

Published

May 09, 2024

Patched Release

3.9.17

Affected Versions

Versions up to 3.9.16

Next Step

Update to 3.9.17 or newer if supported.

Review CVE-2024-4316 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-31274

CVE-2024-31274: EmbedPress <= 3.9.11 - Missing Authorization

The EmbedPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_source_data and save_source_data functions in versions up to, and including, 3.9.11. This makes it possible for unauthenticated attackers to modify data source...

Published

Apr 05, 2024

Patched Release

3.9.12

Affected Versions

Versions up to 3.9.11

Next Step

Update to 3.9.12 or newer if supported.

Review CVE-2024-31274 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-31284

CVE-2024-31284: EmbedPress <= 3.9.8 - Missing Authorization via handle_calendly_data

The EmbedPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handle_calendly_data() function in versions up to, and including, 3.9.8. This makes it possible for unauthenticated attackers to update calendly settings.

Published

Apr 05, 2024

Patched Release

3.9.9

Affected Versions

Versions up to 3.9.8

Next Step

Update to 3.9.9 or newer if supported.

Review CVE-2024-31284 fixed version details Open CVE Reference