CVE-2024-1803

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block in all versions up to, and including, 3.9.12. This makes it possible for authenticated attackers, with contributor-level access and above, to embed PDF blocks.

CVSS

No CVSS.

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/3055856	Patch
https://plugins.trac.wordpress.org/changeset/3055856	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/175e08ce-aec2-427a-90e0-f955711d58b2?source=cve	Patch Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/175e08ce-aec2-427a-90e0-f955711d58b2?source=cve	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wpdeveloper:embedpress:*:*:*:*:*:wordpress:*:*

History

07 Jan 2025, 17:32

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : unknown
CPE		cpe:2.3:a:wpdeveloper:embedpress::::::wordpress::*
First Time		Wpdeveloper Wpdeveloper embedpress
CWE		CWE-863
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/175e08ce-aec2-427a-90e0-f955711d58b2?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/175e08ce-aec2-427a-90e0-f955711d58b2?source=cve - Patch, Third Party Advisory
References	~~() https://plugins.trac.wordpress.org/changeset/3055856 -~~	() https://plugins.trac.wordpress.org/changeset/3055856 - Patch

23 May 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-23 13:15

Updated : 2025-01-07 17:32

NVD link : CVE-2024-1803

Mitre link : CVE-2024-1803

JSON object : View

Products Affected

wpdeveloper

embedpress

CWE

CWE-863

Incorrect Authorization

JSON object

Attach tags to CVE-2024-1803

Attach tags to `CVE-2024-1803`