Mpembed Wp Matterport Shortcode — known CVE vulnerabilities
Every CVE whose affected-product data names Mpembed Wp Matterport Shortcode, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2023-4290 — CVSS 6.1 (medium): The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes…
CVE-2023-4289 — CVSS 5.4 (medium): The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting…