{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-31784", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-04-01T13:19:54.844Z", "datePublished": "2025-04-01T14:51:26.746Z", "dateUpdated": "2026-04-01T15:49:33.012Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "embed-extended", "product": "Embed Extended", "vendor": "Rudy Susanto", "versions": [{"lessThanOrEqual": "1.4.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Xuan Chien | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:37:50.214Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rudy Susanto Embed Extended embed-extended allows Cross Site Request Forgery.<p>This issue affects Embed Extended: from n/a through <= 1.4.0.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rudy Susanto Embed Extended embed-extended allows Cross Site Request Forgery.This issue affects Embed Extended: from n/a through <= 1.4.0."}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "Cross Site Request Forgery"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T15:49:33.012Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/embed-extended/vulnerability/wordpress-embed-extended-embed-maps-videos-websites-source-codes-and-more-plugin-1-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "title": "WordPress Embed Extended \u2013 Embed Maps, Videos, Websites, Source Codes, and more Plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-01T19:26:51.554754Z", "id": "CVE-2025-31784", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T19:27:00.308Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-31784", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-01T19:26:51.554754Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T19:26:56.267Z"}}], "cna": {"title": "WordPress Embed Extended \u2013 Embed Maps, Videos, Websites, Source Codes, and more Plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nguyen Xuan Chien (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rudy Susanto", "product": "Embed Extended \u2013 Embed Maps, Videos, Websites, Source Codes, and more", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.4.0"}], "packageName": "embed-extended", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/embed-extended/vulnerability/wordpress-embed-extended-embed-maps-videos-websites-source-codes-and-more-plugin-1-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rudy Susanto Embed Extended \u2013 Embed Maps, Videos, Websites, Source Codes, and more allows Cross Site Request Forgery. This issue affects Embed Extended \u2013 Embed Maps, Videos, Websites, Source Codes, and more: from n/a through 1.4.0.", "supportingMedia": [{"type": "text/html", "value": "<p>Cross-Site Request Forgery (CSRF) vulnerability in Rudy Susanto Embed Extended \u2013 Embed Maps, Videos, Websites, Source Codes, and more allows Cross Site Request Forgery.</p><p>This issue affects Embed Extended \u2013 Embed Maps, Videos, Websites, Source Codes, and more: from n/a through 1.4.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-04-01T14:51:26.746Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31784", "state": "PUBLISHED", "dateUpdated": "2025-04-01T19:27:00.308Z", "dateReserved": "2025-04-01T13:19:54.844Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-04-01T14:51:26.746Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rudy Susanto Embed Extended embed-extended allows Cross Site Request Forgery.This issue affects Embed Extended: from n/a through <= 1.4.0."}, {"lang": "es", "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Rudy Susanto Embed Extended \u2013 Embed Maps, Videos, Websites, Source Codes, and more permite Cross-Site Request Forgery. Este problema afecta a Embed Extended (mapas, v\u00eddeos, sitios web, c\u00f3digo fuente y m\u00e1s): desde n/d hasta la versi\u00f3n 1.4.0."}], "id": "CVE-2025-31784", "lastModified": "2026-04-01T17:21:36.160", "metrics": {}, "published": "2025-04-01T15:16:16.253", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/embed-extended/vulnerability/wordpress-embed-extended-embed-maps-videos-websites-source-codes-and-more-plugin-1-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"created": "2025-07-12T22:15:55.302255+00:00", "updated": "2025-07-12T22:15:55.302330+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}