EmbedPress < 3.9.5 – Missing Authorization | Plugin Vulnerabilities

Description

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the save_source_data() and delete_source_data() functions in all versions up to 3.9.5 (exclusive). This makes it possible for unauthenticated attackers to save and delete source data

Affects Plugins

Fixed in 3.9.5

References

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/a7cf1c70-9778-4b50-b494-d0b1d0277b35

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Verified

No

WPVDB ID

3436bbc5-c7b6-4b3b-97fc-786ba66748e1

Timeline

Publicly Published

2023-12-08 (about 2 years ago)

Added

2024-02-09 (about 2 years ago)

Last Updated

2024-02-09 (about 2 years ago)

Other

Published

Title

Published

2025-10-31

Title

Google XML Sitemaps < 4.1.23 - Missing Authorization

Published

2025-09-09

Title

PDF Generator for WordPress < 1.5.5 - Missing Authorization

Published

2026-03-14

Title

User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration < 4.2.9 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter

Published

2024-04-12

Title

Pardot < 2.1.1 - Missing Authorization

Published

2026-01-05

Title

GetGenie < 4.3.1 - Missing Authorization