cleantalk
Vulnerabilities and Security Researches

Embedder, CVE-2025-3417

CVE, Research URL

CVE-2025-3417

Home page URL

Security reports for Embedder

Application

Embedder

Published on
Apr 10, 2025
Research Description
The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Affected versions
Min 1.3, max 1.3.5.
Status
vulnerable
Previous vulnerability researches
Pdf Embedder Fay (CVE-2024-51795) , Nov 11, 2024
LSD Google Maps Embedder (CVE-2025-23871) , Jan 18, 2025
Embedder (CVE-2025-3417) , Apr 11, 2025
Prezi Embedder (CVE-2025-26538) , Feb 16, 2025
Google Reviews WordPress Plugin (Widget to add and display reviews) (6c2ad8e1f17e8fda8cdcf6e1b760d67c74bba1a6) , Jun 07, 2024
New vulnerability
Custom Post Type UI , Aug 05, 2025
Mmm Unity Loader (CVE-2025-8399) , Aug 05, 2025
Medical Addon for Elementor (CVE-2025-8212) , Aug 05, 2025
PressForward (CVE-2025-28987) , Aug 05, 2025
Custom Word Cloud (CVE-2025-8317) , Aug 04, 2025