Embed Any Document < 2.7.2 – Author+ Stored XSS | CVE 2023-23707

Affects Plugins

embed-any-document

Fixed in 2.7.2

References

CVE

CVE-2023-23707

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.5 (low)

Miscellaneous

Original Researcher

n0paew

Verified

No

WPVDB ID

baa069c8-b830-49be-9662-41222ff8b6a6

Timeline

Publicly Published

2023-03-14 (about 3 years ago)

Added

2023-03-24 (about 3 years ago)

Last Updated

2023-03-24 (about 3 years ago)

Other

Published

Title

Published

2020-07-29

Title

Gallery PhotoBlocks < 1.2.0 - Authenticated Cross-Site Scripting (XSS)

Published

2025-01-14

Title

Posts Footer Manager < 2.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2026-04-07

Title

Magic Conversation For Gravity Forms < 3.0.98 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

Published

2024-09-30

Title

DK PDF < 1.9.7 - Reflected Cross-Site Scripting

Published

2025-01-16

Title

DZS Ajaxer Lite – Ajaxify Your WordPress Site and Comment <= 1.04 - Authenticated (Subscriber+) Stored Cross-Site Scripting