WordPress Plugin Vulnerabilities

EmbedPress < 3.9.12 - Missing Authorization

Description

The EmbedPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_source_data and save_source_data functions in versions up to, and including, 3.9.11. This makes it possible for unauthenticated attackers to modify data sources.

Affects Plugins

Plugin icon
embedpress
Fixed in 3.9.12

References

CVE
CVE-2024-31274
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0ce738ee-bbb6-462a-aeae-0523200e320f

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
640d7183-9e89-40bc-ab7e-14271ec78475

Timeline

Publicly Published
2024-04-05 (about 2 years ago)
Added
2024-04-11 (about 2 years ago)
Last Updated
2024-04-11 (about 2 years ago)

Other

Published
Title
Published
2026-03-31
Title
Royal Elementor Addons < 1.7.1057 - Unauthenticated Missing Authorization
Published
2024-12-23
Title
PlugVersions – Easily rollback to previous versions of your plugins < 0.0.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation
Published
2024-02-27
Title
Page Restriction WordPress (WP) < 1.3.5 - Unauthenticated Protected Post Access
Published
2025-11-30
Title
Stylish Price List < 7.2.3 - Missing Authorization
Published
2024-03-05
Title
Total < 2.1.60 - Missing Authorization to Authenticated (Subscriber+) Sections Update