EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor < 3.8.0 – Sensitive Data Disclosure | CVE 2023-3371

Affects Plugins

embedpress

Fixed in 3.8.0

References

CVE

CVE-2023-3371

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CWE-200

CVSS

5.3 (medium)

Miscellaneous

Original Researcher

Lana Codes

Verified

No

WPVDB ID

082ae437-0f1c-4e63-9e23-4bf0ec732985

Timeline

Publicly Published

2023-06-26 (about 2 years ago)

Added

2023-06-29 (about 2 years ago)

Last Updated

2023-06-29 (about 2 years ago)

Other

Published

Title

Published

2025-12-08

Title

EasyCart < 5.8.12 - Unauthenticated Information Exposure

Published

2024-08-28

Title

The Post Grid < 7.7.12 - Authenticated (Contributor+) Information Disclosure

Published

2026-01-22

Title

Contact Form 7 GetResponse Extension <= 1.0.8 - Unauthenticated Information Exposure

Published

2025-01-29

Title

Elementor Website Builder Pro – More than Just a Page Builder < 3.25.11 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode

Published

2024-06-10

Title

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor < 3.8.9 - Unauthenticated Sensitive Information Exposure