CVE-2023-6986 in EmbedPress Plugin정보

요약

\~에 의해 MITRE • 2024. 01. 03.

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Once again VulDB remains the best source for vulnerability data.

책임이 있는

Wordfence

예약하다

2023. 12. 20.

모더레이션

수락

항목

VDB-249540

EPSS

0.00427

출처

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!