WP-Safety

EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more Security & Risk Analysis

wordpress.org/plugins/embedpress

EmbedPress lets you embed videos, pages, social feeds, embed PDF 3D flipbooks & other content on WordPress without coding & enhance storytelling.

100K active installs v4.4.11 PHP 5.6+ WP 4.6+ Updated Mar 15, 2026
embedembed-pdfembed-youtubegoogle-docssocial-feeds
94
A · Safe
CVEs total27
Unpatched0
Last CVENov 27, 2024
Plugin page Download
Safety Verdict

Is EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more Safe to Use in 2026?

Generally Safe

Score 94/100

EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more has a strong security track record. Known vulnerabilities have been patched promptly.

27 known CVEsLast CVE: Nov 27, 2024Updated 19d ago
Risk Assessment

The security posture of EmbedPress v4.4.11 presents a mixed bag of strengths and significant concerns. While the plugin demonstrates a commitment to security by using prepared statements for a good portion of its SQL queries and properly escaping a high percentage of its output, the presence of unprotected entry points is a major red flag. The static analysis revealed 23 unprotected entry points out of a total of 73, which significantly increases the plugin's attack surface and potential for unauthorized access or manipulation. The taint analysis also points to critical issues with 3 high-severity unsanitized flows, indicating potential vulnerabilities that could be exploited.

The plugin's vulnerability history is particularly concerning, with 27 known CVEs. The fact that there are currently no unpatched vulnerabilities is positive, but the historical prevalence of critical and medium-severity vulnerabilities, including Cross-site Scripting, PHP Remote File Inclusion, Improper Authorization, and CSRF, suggests a recurring pattern of security weaknesses. The most recent vulnerability being in late 2024, while unpatched now, indicates active discovery of issues. This history, combined with the static analysis findings, suggests that while efforts are made, fundamental security principles may not be consistently applied throughout the development lifecycle. The plugin has strengths in output escaping and SQL preparedness, but the large number of unprotected entry points and the historical vulnerability trend necessitate caution.

Key Concerns

  • High number of unprotected AJAX handlers
  • High number of unprotected REST API routes
  • 3 high severity taint flows (unsanitized paths)
  • 1 critical historical CVE
  • 26 medium historical CVEs
  • 23 unprotected entry points total
  • SQL queries not using prepared statements (62%)
Vulnerabilities
27

EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more Security Vulnerabilities

CVEs by Year

7 CVEs in 2023
2023
20 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Critical
1
Medium
26

27 total CVEs

CVE-2024-11203medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name'

Nov 27, 2024 Patched in 4.1.4 (1d)
CVE-2024-50461medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress <= 4.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 24, 2024 Patched in 4.1.0 (7d)
CVE-2024-43936medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress <= 4.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 26, 2024 Patched in 4.0.9 (10d)
CVE-2024-43328critical · 9.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

EmbedPress <= 4.0.9 - Unauthenticated Local File Inclusion

Aug 16, 2024 Patched in 4.0.10 (7d)
CVE-2024-38707medium · 5.3Missing Authorization

EmbedPress <= 4.0.4 - Missing Authorization

Jul 11, 2024 Patched in 4.0.5 (7d)
CVE-2024-1565medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

Jun 12, 2024 Patched in 3.9.11 (1d)
CVE-2024-5571medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget

Jun 4, 2024 Patched in 4.0.2 (1d)
CVE-2024-1803medium · 4.3Improper Authorization

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Insufficient Authorization Checks to Block Usual

May 22, 2024 Patched in 3.9.13 (2d)
CVE-2024-4316medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

May 9, 2024 Patched in 3.9.17 (1d)
CVE-2024-31274medium · 5.3Missing Authorization

EmbedPress <= 3.9.11 - Missing Authorization

Apr 5, 2024 Patched in 3.9.12 (7d)
CVE-2024-3244medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Apr 5, 2024 Patched in 3.9.15 (5d)
CVE-2024-3245medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block

Apr 5, 2024 Patched in 3.9.15 (1d)
CVE-2024-31284medium · 5.3Missing Authorization

EmbedPress <= 3.9.8 - Missing Authorization via handle_calendly_data

Apr 5, 2024 Patched in 3.9.9 (7d)
CVE-2024-2688medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Authenticated (Contributor+) Stored Cross-site Scripting via 'embedpress_doc_custom_color'

Mar 22, 2024 Patched in 3.9.13 (1d)
CVE-2024-2468medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress <= 3.9.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Attribute

Mar 22, 2024 Patched in 3.9.13 (1d)
CVE-2024-1802medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wistia Block

Mar 7, 2024 Patched in 3.9.11 (1d)
CVE-2024-2128medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget

Mar 7, 2024 Patched in 3.9.11 (1d)
CVE-2024-1425medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress <= 3.9.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Google Calendar Widget Link

Feb 14, 2024 Patched in 3.9.9 (108d)
CVE-2024-1349medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Feb 14, 2024 Patched in 3.9.9 (7d)
CVE-2023-6986medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 2, 2024 Patched in 3.9.6 (210d)
WF-a7cf1c70-9778-4b50-b494-d0b1d0277b35-embedpressmedium · 5.3Missing Authorization

EmbedPress <= 3.9.4 - Missing Authorization

Dec 8, 2023 Patched in 3.9.5 (46d)
CVE-2023-5750medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress <= 3.9.1 - Reflected Cross-Site Scripting

Nov 17, 2023 Patched in 3.9.2 (67d)
CVE-2023-5749medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress <= 3.9.1 - Reflected Cross-Site Scripting

Nov 17, 2023 Patched in 3.9.2 (67d)
CVE-2023-51375medium · 4.3Cross-Site Request Forgery (CSRF)

EmbedPress <= 3.8.3 - Cross-Site Request Forgery

Sep 7, 2023 Patched in 3.8.4 (138d)
CVE-2023-4282medium · 5.4Missing Authorization

EmbedPress <= 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Delete via admin_post_remove and remove_private_data

Aug 9, 2023 Patched in 3.8.3 (167d)
CVE-2023-4283medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedPress <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Aug 9, 2023 Patched in 3.8.3 (167d)
CVE-2023-3371medium · 5.3Use of Hard-coded Cryptographic Key

EmbedPress <= 3.7.3 - Sensitive Information Exposure

Jun 26, 2023 Patched in 3.8.0 (211d)
Code Analysis
Analyzed Mar 16, 2026

EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more Code Analysis

Dangerous Functions
0
Raw SQL Queries
114
70 prepared
Unescaped Output
280
2118 escaped
Nonce Checks
31
Capability Checks
31
File Operations
14
External Requests
30
Bundled Libraries
0

SQL Query Safety

38% prepared184 total queries

Output Escaping

88% escaped2398 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

16 flows9 with unsanitized paths
get_instagram_userdata_ajax (EmbedPress\Ends\Back\Handler.php:58)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
23 unprotected

EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more Attack Surface

Entry Points73
Unprotected23

AJAX Handlers 39

authwp_ajax_embedpress_notice_dismissEmbedPress\Core.php:162
authwp_ajax_embedpress_notice_dismissEmbedPress\CoreLegacy.php:142
authwp_ajax_embedpress_do_ajax_requestEmbedPress\CoreLegacy.php:153
noprivwp_ajax_embedpress_do_ajax_requestEmbedPress\CoreLegacy.php:155
authwp_ajax_embedpress_get_embed_url_infoEmbedPress\CoreLegacy.php:158
authwp_ajax_delete_instagram_accountEmbedPress\Ends\Back\Handler.php:38
authwp_ajax_get_instagram_userdata_ajaxEmbedPress\Ends\Back\Handler.php:41
authwp_ajax_sync_instagram_data_ajaxEmbedPress\Ends\Back\Handler.php:51
noprivwp_ajax_sync_instagram_data_ajaxEmbedPress\Ends\Back\Handler.php:52
authwp_ajax_embedpress_elements_actionEmbedPress\Ends\Back\Settings\EmbedpressSettings.php:24
authwp_ajax_embedpress_settings_actionEmbedPress\Ends\Back\Settings\EmbedpressSettings.php:25
authwp_ajax_save_global_brand_imageEmbedPress\Ends\Back\Settings\EmbedpressSettings.php:26
authwp_ajax_embedpress_dismiss_elementEmbedPress\Ends\Back\Settings\EmbedpressSettings.php:27
authwp_ajax_embedpress_dismiss_feature_noticeEmbedPress\Ends\Back\Settings\EmbedpressSettings.php:28
authwp_ajax_embedpress_clear_content_cacheEmbedPress\Includes\Classes\Analytics\Content_Cache_Manager.php:46
authwp_ajax_embedpress_dismiss_feature_noticeEmbedPress\Includes\Classes\FeatureNoticeManager.php:58
authwp_ajax_embedpress_skip_feature_noticeEmbedPress\Includes\Classes\FeatureNoticeManager.php:59
authwp_ajax_embedpress_view_feature_noticeEmbedPress\Includes\Classes\FeatureNoticeManager.php:60
authwp_ajax_youtube_rest_apiEmbedPress\Includes\Classes\Feature_Enhancer.php:37
noprivwp_ajax_youtube_rest_apiEmbedPress\Includes\Classes\Feature_Enhancer.php:38
authwp_ajax_save_source_dataEmbedPress\Includes\Classes\Feature_Enhancer.php:40
authwp_ajax_delete_source_dataEmbedPress\Includes\Classes\Feature_Enhancer.php:42
authwp_ajax_get_viewerEmbedPress\Includes\Classes\Feature_Enhancer.php:49
noprivwp_ajax_get_viewerEmbedPress\Includes\Classes\Feature_Enhancer.php:57
authwp_ajax_get_flipbook_viewerEmbedPress\Includes\Classes\Feature_Enhancer.php:66
noprivwp_ajax_get_flipbook_viewerEmbedPress\Includes\Classes\Feature_Enhancer.php:76
authwp_ajax_get_flipbook_templateEmbedPress\Includes\Classes\Feature_Enhancer.php:87
noprivwp_ajax_get_flipbook_templateEmbedPress\Includes\Classes\Feature_Enhancer.php:93
authwp_ajax_lock_content_form_handlerEmbedPress\Includes\Classes\Helper.php:34
noprivwp_ajax_lock_content_form_handlerEmbedPress\Includes\Classes\Helper.php:35
authwp_ajax_embedpress_gutenberg_password_checkEmbedPress\Includes\Classes\Helper.php:37
noprivwp_ajax_embedpress_gutenberg_password_checkEmbedPress\Includes\Classes\Helper.php:38
authwp_ajax_loadmore_data_handlerEmbedPress\Includes\Classes\Helper.php:41
noprivwp_ajax_loadmore_data_handlerEmbedPress\Includes\Classes\Helper.php:42
authwp_ajax_fetch_video_descriptionEmbedPress\Includes\Classes\Helper.php:45
noprivwp_ajax_fetch_video_descriptionEmbedPress\Includes\Classes\Helper.php:46
authwp_ajax_embedpress_mark_milestone_seenEmbedPress\MilestoneNotification.php:49
authwp_ajax_epgc_ajax_get_calendarEmbedPress\ThirdParty\Googlecalendar\Embedpress_Google_Helper.php:916
noprivwp_ajax_epgc_ajax_get_calendarEmbedPress\ThirdParty\Googlecalendar\Embedpress_Google_Helper.php:917

REST API Routes 29

GET/wp-json/embedpress/v1/oembed/(?P<provider>[a-zA-Z0-9\-]+)EmbedPress\Core.php:410
GET/wp-json/embedpress/v1/oembed/(?P<provider>[a-zA-Z0-9\-]+)EmbedPress\Core.php:419
POST/wp-json/embedpress/v1/send-feedbackEmbedPress\Core.php:663
POST/wp-json/embedpress/v1/analytics/trackEmbedPress\Includes\Classes\Analytics\REST_API.php:44
GET/wp-json/embedpress/v1/analytics/dataEmbedPress\Includes\Classes\Analytics\REST_API.php:75
GET/wp-json/embedpress/v1/analytics/contentEmbedPress\Includes\Classes\Analytics\REST_API.php:81
GET/wp-json/embedpress/v1/analytics/viewsEmbedPress\Includes\Classes\Analytics\REST_API.php:87
GET/wp-json/embedpress/v1/analytics/spline-chartEmbedPress\Includes\Classes\Analytics\REST_API.php:94
GET/wp-json/embedpress/v1/analytics/overviewEmbedPress\Includes\Classes\Analytics\REST_API.php:109
GET/wp-json/embedpress/v1/analytics/embed-detailsEmbedPress\Includes\Classes\Analytics\REST_API.php:141
GET/wp-json/embedpress/v1/analytics/milestonesEmbedPress\Includes\Classes\Analytics\REST_API.php:166
GET/wp-json/embedpress/v1/analytics/featuresEmbedPress\Includes\Classes\Analytics\REST_API.php:173
GET/wp-json/embedpress/v1/analytics/geoEmbedPress\Includes\Classes\Analytics\REST_API.php:180
GET/wp-json/embedpress/v1/analytics/deviceEmbedPress\Includes\Classes\Analytics\REST_API.php:187
GET/wp-json/embedpress/v1/analytics/browserEmbedPress\Includes\Classes\Analytics\REST_API.php:194
GET/wp-json/embedpress/v1/analytics/unique-viewers-per-embedEmbedPress\Includes\Classes\Analytics\REST_API.php:203
GET/wp-json/embedpress/v1/analytics/geoEmbedPress\Includes\Classes\Analytics\REST_API.php:210
GET/wp-json/embedpress/v1/analytics/referralEmbedPress\Includes\Classes\Analytics\REST_API.php:219
GET/wp-json/embedpress/v1/analytics/exportEmbedPress\Includes\Classes\Analytics\REST_API.php:257
POST/wp-json/embedpress/v1/analytics/browser-infoEmbedPress\Includes\Classes\Analytics\REST_API.php:290
GET/wp-json/embedpress/v1/analytics/milestonesEmbedPress\Includes\Classes\Analytics\REST_API.php:349
POST/wp-json/embedpress/v1/analytics/milestones/readEmbedPress\Includes\Classes\Analytics\REST_API.php:356
GET/wp-json/embedpress/v1/analytics/featuresEmbedPress\Includes\Classes\Analytics\REST_API.php:369
GET/wp-json/embedpress/v1/analytics/email-settingsEmbedPress\Includes\Classes\Analytics\REST_API.php:377
POST/wp-json/embedpress/v1/analytics/email-settingsEmbedPress\Includes\Classes\Analytics\REST_API.php:383
POST/wp-json/embedpress/v1/analytics/sync-countersEmbedPress\Includes\Classes\Analytics\REST_API.php:390
GET/wp-json/embedpress/v1/analytics/tracking-settingEmbedPress\Includes\Classes\Analytics\REST_API.php:401
POST/wp-json/embedpress/v1/analytics/cleanup-redundant-dataEmbedPress\Includes\Classes\Analytics\REST_API.php:408
GET/wp-json/embedpress/v1/analytics/performance-statsEmbedPress\Includes\Classes\Analytics\REST_API.php:424

Shortcodes 5

[embed_oembed_html] EmbedPress\Shortcode.php:83
[embedpress] EmbedPress\Shortcode.php:84
[embedpress_pdf] EmbedPress\Shortcode.php:85
[embedpress_doc] EmbedPress\Shortcode.php:86
[embedpress_calendar] EmbedPress\ThirdParty\Googlecalendar\Embedpress_Google_Helper.php:931
WordPress Hooks 153
actionwp_enqueue_scriptsCore\AssetManager.php:452
actionadmin_enqueue_scriptsCore\AssetManager.php:453
actionwp_enqueue_scriptsCore\AssetManager.php:456
actionadmin_enqueue_scriptsCore\AssetManager.php:457
actionadmin_enqueue_scriptsCore\AssetManager.php:458
actionenqueue_block_assetsCore\AssetManager.php:459
actionenqueue_block_editor_assetsCore\AssetManager.php:462
actionelementor/frontend/after_enqueue_scriptsCore\AssetManager.php:465
actionelementor/editor/before_enqueue_scriptsCore\AssetManager.php:468
actionelementor/editor/after_enqueue_scriptsCore\AssetManager.php:470
filterscript_loader_tagCore\AssetManager.php:507
actioninitCore\init.php:25
actionplugins_loadedCore\LocalizationManager.php:569
actionamp_post_template_headEmbedPress\AMP\Adapter\Reddit.php:48
actionamp_post_template_headEmbedPress\AMP\Adapter\Twitter.php:51
actionadmin_menuEmbedPress\Analytics\Analytics.php:17
actionadmin_enqueue_scriptsEmbedPress\Analytics\Analytics.php:18
filterscript_loader_tagEmbedPress\Analytics\Analytics.php:56
actionin_admin_headerEmbedPress\Core.php:82
actionep_admin_noticesEmbedPress\Core.php:83
actionep_admin_noticesEmbedPress\Core.php:84
filterupload_mimesEmbedPress\Core.php:86
actionwp_mail_failedEmbedPress\Core.php:88
filteroembed_providersEmbedPress\Core.php:137
actionrest_api_initEmbedPress\Core.php:138
actioninitEmbedPress\Core.php:149
filterplugin_action_links_embedpress/embedpress.phpEmbedPress\Core.php:154
filterpp_embed_parsed_contentEmbedPress\Core.php:171
filterfl_builder_before_render_shortcodesEmbedPress\Core.php:174
filteroembed_providersEmbedPress\Core.php:191
actionrest_api_initEmbedPress\Core.php:192
filterpp_embed_parsed_contentEmbedPress\Core.php:204
filterfl_builder_before_render_shortcodesEmbedPress\Core.php:207
actionin_admin_headerEmbedPress\CoreLegacy.php:77
actionep_admin_noticesEmbedPress\CoreLegacy.php:78
actionep_admin_noticesEmbedPress\CoreLegacy.php:79
actioninitEmbedPress\CoreLegacy.php:136
filterplugin_action_links_embedpress/embedpress.phpEmbedPress\CoreLegacy.php:138
actionadmin_enqueue_scriptsEmbedPress\CoreLegacy.php:141
actioninitEmbedPress\CoreLegacy.php:143
actioninitEmbedPress\CoreLegacy.php:144
actionadmin_enqueue_scriptsEmbedPress\CoreLegacy.php:149
actioninitEmbedPress\CoreLegacy.php:163
filterpp_embed_parsed_contentEmbedPress\CoreLegacy.php:175
filterfl_builder_before_render_shortcodesEmbedPress\CoreLegacy.php:178
filterrewrite_rules_arrayEmbedPress\CoreLegacy.php:194
filterteeny_mce_before_initEmbedPress\CoreLegacy.php:357
filtertiny_mce_before_initEmbedPress\CoreLegacy.php:358
filterembed_oembed_discoverEmbedPress\DisablerLegacy.php:53
filtertiny_mce_pluginsEmbedPress\DisablerLegacy.php:65
filterload_default_embedsEmbedPress\DisablerLegacy.php:73
filterrewrite_rules_arrayEmbedPress\DisablerLegacy.php:80
filterwp_maybe_load_embedsEmbedPress\DisablerLegacy.php:83
filterthe_contentEmbedPress\DisablerLegacy.php:93
filterhttp_request_host_is_externalEmbedPress\DisablerLegacy.php:97
actiontiny_mce_before_initEmbedPress\DisablerLegacy.php:99
actionelementor/editor/after_enqueue_scriptsEmbedPress\Elementor\Elementor_Upsale.php:12
actionelementor/elements/categories_registeredEmbedPress\Elementor\Embedpress_Elementor_Integration.php:27
actionelementor/widgets/widgets_registeredEmbedPress\Elementor\Embedpress_Elementor_Integration.php:28
actionelementor/widgets/registerEmbedPress\Elementor\Embedpress_Elementor_Integration.php:29
filteroembed_providersEmbedPress\Elementor\Embedpress_Elementor_Integration.php:30
actionelementor/editor/after_enqueue_scriptsEmbedPress\Elementor\Embedpress_Elementor_Integration.php:37
filterembedpress_should_modify_spotifyEmbedPress\Elementor\Widgets\Embedpress_Elementor.php:4412
actioninitEmbedPress\Ends\Back\Handler.php:44
actionadmin_enqueue_scriptsEmbedPress\Ends\Back\Handler.php:48
actionadmin_enqueue_scriptsEmbedPress\Ends\Back\Settings\EmbedpressSettings.php:16
actionadmin_menuEmbedPress\Ends\Back\Settings\EmbedpressSettings.php:17
actioninitEmbedPress\Ends\Back\Settings\EmbedpressSettings.php:18
actionadmin_initEmbedPress\Ends\Back\Settings\EmbedpressSettings.php:21
actionadmin_initEmbedPress\Ends\Back\Settings\EmbedpressSettings.php:109
actionadmin_footerEmbedPress\Ends\Back\Settings\EmbedpressSettings.php:216
filteradmin_menuEmbedPress\Ends\Back\Settings\EmbedpressSettings.php:219
actioninitEmbedPress\Gutenberg\BlockManager.php:103
actionadmin_enqueue_scriptsEmbedPress\Gutenberg\BlockManager.php:104
actionadmin_enqueue_scriptsEmbedPress\Gutenberg\BlockManager.php:105
filterrender_blockEmbedPress\Gutenberg\FallbackHandler.php:40
filterrender_block_dataEmbedPress\Gutenberg\FallbackHandler.php:41
actioninitEmbedPress\Gutenberg\InitBlocks.php:56
actioninitEmbedPress\Includes\Classes\Analytics\Analytics_Manager.php:113
actionembedpress_content_embeddedEmbedPress\Includes\Classes\Analytics\Analytics_Manager.php:118
actionrest_api_initEmbedPress\Includes\Classes\Analytics\Analytics_Manager.php:122
actionembedpress_daily_milestone_checkEmbedPress\Includes\Classes\Analytics\Analytics_Manager.php:125
actionadmin_noticesEmbedPress\Includes\Classes\Analytics\Analytics_Manager.php:341
actionsave_postEmbedPress\Includes\Classes\Analytics\Content_Cache_Manager.php:34
actionwp_trash_postEmbedPress\Includes\Classes\Analytics\Content_Cache_Manager.php:35
actionuntrash_postEmbedPress\Includes\Classes\Analytics\Content_Cache_Manager.php:36
actiondelete_postEmbedPress\Includes\Classes\Analytics\Content_Cache_Manager.php:37
actionelementor/editor/after_saveEmbedPress\Includes\Classes\Analytics\Content_Cache_Manager.php:40
actionrest_after_insert_postEmbedPress\Includes\Classes\Analytics\Content_Cache_Manager.php:43
actioninitEmbedPress\Includes\Classes\Analytics\Email_Reports.php:42
actionembedpress_weekly_analytics_reportEmbedPress\Includes\Classes\Analytics\Email_Reports.php:45
actionembedpress_monthly_analytics_reportEmbedPress\Includes\Classes\Analytics\Email_Reports.php:46
actionadmin_initEmbedPress\Includes\Classes\Analytics\Email_Reports.php:49
actioninitEmbedPress\Includes\Classes\EmbedPress_Core_Installer.php:26
actioninitEmbedPress\Includes\Classes\EmbedPress_Notice.php:107
actioninitEmbedPress\Includes\Classes\EmbedPress_Notice.php:109
actionadmin_noticesEmbedPress\Includes\Classes\EmbedPress_Notice.php:207
actionadmin_noticesEmbedPress\Includes\Classes\EmbedPress_Notice.php:210
actionadmin_footer-plugins.phpEmbedPress\Includes\Classes\EmbedPress_Plugin_Usage_Tracker.php:171
actionextend_customplayer_controlsEmbedPress\Includes\Classes\Extend_CustomPlayer_Controls.php:12
actionextend_elementor_controlsEmbedPress\Includes\Classes\Extend_Elementor_Controls.php:12
actionadmin_footerEmbedPress\Includes\Classes\FeatureNoticeManager.php:57
actionadmin_menuEmbedPress\Includes\Classes\FeatureNoticeManager.php:63
actioninitEmbedPress\Includes\Classes\FeatureNotices.php:45
filterembedpress:onAfterEmbedEmbedPress\Includes\Classes\Feature_Enhancer.php:21
filterembedpress:onAfterEmbedEmbedPress\Includes\Classes\Feature_Enhancer.php:22
filterembedpress:onAfterEmbedEmbedPress\Includes\Classes\Feature_Enhancer.php:24
filterembedpress:onAfterEmbedEmbedPress\Includes\Classes\Feature_Enhancer.php:25
filterembedpress:onAfterEmbedEmbedPress\Includes\Classes\Feature_Enhancer.php:26
filterembedpress:onAfterEmbedEmbedPress\Includes\Classes\Feature_Enhancer.php:27
filterembedpress_gutenberg_youtube_paramsEmbedPress\Includes\Classes\Feature_Enhancer.php:29
actioninitEmbedPress\Includes\Classes\Feature_Enhancer.php:34
actionembedpress_gutenberg_wistia_block_after_embedEmbedPress\Includes\Classes\Feature_Enhancer.php:35
actionelementor/widget/embedpres_elementor/skins_initEmbedPress\Includes\Classes\Feature_Enhancer.php:36
actionembedpress_gutenberg_embedEmbedPress\Includes\Classes\Feature_Enhancer.php:39
actionsave_postEmbedPress\Includes\Classes\Feature_Enhancer.php:41
actionload-post.phpEmbedPress\Includes\Classes\Feature_Enhancer.php:43
actionembedpress:isEmbraEmbedPress\Includes\Classes\Feature_Enhancer.php:44
actionelementor/editor/after_saveEmbedPress\Includes\Classes\Feature_Enhancer.php:45
actionwp_headEmbedPress\Includes\Classes\Feature_Enhancer.php:47
filterembedpress_elementor_embedEmbedPress\Includes\Classes\Feature_Enhancer.php:554
filterembedpress_elementor_embedEmbedPress\Includes\Classes\Feature_Enhancer.php:555
filterembedpress_elementor_embedEmbedPress\Includes\Classes\Feature_Enhancer.php:556
filterembedpress_elementor_embedEmbedPress\Includes\Classes\Feature_Enhancer.php:557
filterembedpress_elementor_embedEmbedPress\Includes\Classes\Feature_Enhancer.php:558
filterembedpress_elementor_embedEmbedPress\Includes\Classes\Feature_Enhancer.php:559
filterembedpress_elementor_embedEmbedPress\Includes\Classes\Feature_Enhancer.php:560
filterembedpress_pro_features_enabledEmbedPress\Includes\Classes\Helper.php:1178
actionadmin_noticesEmbedPress\Includes\Classes\Helper.php:1181
actionadmin_headEmbedPress\Includes\Classes\Helper.php:1184
actionadmin_noticesEmbedPress\Includes\Traits\Shared.php:295
actionadmin_footerEmbedPress\MilestoneNotification.php:43
actionadmin_enqueue_scriptsEmbedPress\MilestoneNotification.php:46
filterembedpress_render_dynamic_contentEmbedPress\Providers\GooglePhotos.php:55
filterembedpress_render_dynamic_contentEmbedPress\Providers\InstagramFeed.php:82
filtersafe_style_cssEmbedPress\Providers\Meetup.php:209
filterembedpress_render_dynamic_contentEmbedPress\Providers\OpenSea.php:137
filterembedpress_render_dynamic_contentEmbedPress\Providers\Wistia.php:64
actionadmin_noticesEmbedPress\ThirdParty\Googlecalendar\Embedpress_Google_Helper.php:444
filterremovable_query_argsEmbedPress\ThirdParty\Googlecalendar\Embedpress_Google_Helper.php:906
actionadmin_initEmbedPress\ThirdParty\Googlecalendar\Embedpress_Google_Helper.php:911
actionadmin_post_epgc_calendarlistEmbedPress\ThirdParty\Googlecalendar\Embedpress_Google_Helper.php:919
actionadmin_post_epgc_colorlistEmbedPress\ThirdParty\Googlecalendar\Embedpress_Google_Helper.php:922
actionadmin_post_epgc_deletecacheEmbedPress\ThirdParty\Googlecalendar\Embedpress_Google_Helper.php:923
actionadmin_post_epgc_verifyEmbedPress\ThirdParty\Googlecalendar\Embedpress_Google_Helper.php:929
actionwp_enqueue_scriptsEmbedPress\ThirdParty\Googlecalendar\Embedpress_Google_Helper.php:932
actionadmin_post_epgc_remove_privateEmbedPress\ThirdParty\Googlecalendar\Embedpress_Google_Helper.php:934
actionadmin_post_epgc_authorizeEmbedPress\ThirdParty\Googlecalendar\Embedpress_Google_Helper.php:939
actionadmin_initEmbedPress\ThirdParty\Googlecalendar\Embedpress_Google_Helper.php:941
actionembedpress_cache_cleanup_actionembedpress.php:88
actionplugins_loadedembedpress.php:109
filterembedpress_excluded_height_sourcesembedpress.php:184
actioninitembedpress.php:188

Scheduled Events 4

embedpress_daily_milestone_check
embedpress_weekly_analytics_report
embedpress_monthly_analytics_report
embedpress_cache_cleanup_action
Maintenance & Trust

EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 15, 2026
PHP min version5.6
Downloads5.2M

Community Trust

Rating96/100
Number of ratings285
Active installs100K
Alternatives

EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more Alternatives

Document Embedder Addons for Elementor – Embed Documents in Elementor Websites

Document Embedder Addons for Elementor – Embed Documents in Elementor Websites

document-embedder-addons-for-elementor

A
100

Document Embedder Addons for Elementor makes it simple to embed PDFs, Word docs, and others into your pages, no downloads or redirects needed.

6K No CVEs
Custom iFrame – Embed PDFs, Videos, and External Content in WordPress (Elementor & Gutenberg)

Custom iFrame – Embed PDFs, Videos, and External Content in WordPress (Elementor & Gutenberg)

custom-iframe

A
99

Easily embed secure, SEO-friendly, and responsive iFrames in WordPress using Elementor or Gutenberg with lazy loading, auto-height adjustment, and dyn &hellip;

3K 1 CVE
Easy Document Embedder – Embed Word, excel, Powerpoint, Pdf file and more..

Easy Document Embedder – Embed Word, excel, Powerpoint, Pdf file and more..

easy-document-embedder

A
85

Document embedding on a website is a common thing we need to do regularly. By using this plugin you can embed all the common files like PDF, Word, XLS &hellip;

500 No CVEs
Simple Google Docs Viewer

Simple Google Docs Viewer

simple-google-docs-viewer

A
85

Easily embed documents like PDFs, Word documents, and Powerpoint in your site using Google Docs Viewer.

300 No CVEs
PDF Embedder

PDF Embedder

pdf-embedder

A
100

Seamlessly embed PDFs into your content, with customizations and intelligent responsive resizing, and no third-party services or iframes.

300K 1 CVE
Developer Profile

EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more Developer Profile

WPDeveloper

46 plugins · 4.0M total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
163 days
View full developer profile
Detection Fingerprints

How We Detect EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/embedpress/Gutenberg/build/embedpress-editor.min.css/wp-content/plugins/embedpress/Gutenberg/build/embedpress-editor.min.js/wp-content/plugins/embedpress/Gutenberg/build/editor-assets.min.js/wp-content/plugins/embedpress/Gutenberg/build/editor.asset.php/wp-content/plugins/embedpress/assets/css/vendor/plyr.css/wp-content/plugins/embedpress/assets/css/vendor/carousel.min.css/wp-content/plugins/embedpress/assets/css/frontend.css/wp-content/plugins/embedpress/assets/css/frontend.min.css+5 more
Script Paths
/wp-content/plugins/embedpress/assets/js/frontend.js/wp-content/plugins/embedpress/assets/js/vendor/plyr.js/wp-content/plugins/embedpress/assets/js/frontend.min.js/wp-content/plugins/embedpress/assets/js/vendor/carousel.min.js/wp-content/plugins/embedpress/Gutenberg/build/embedpress-editor.min.js/wp-content/plugins/embedpress/assets/js/embedpress-frontend-init.js
Version Parameters
/wp-content/plugins/embedpress/assets/css/frontend.css?ver=/wp-content/plugins/embedpress/assets/js/frontend.js?ver=/wp-content/plugins/embedpress/assets/css/frontend.min.css?ver=/wp-content/plugins/embedpress/assets/js/frontend.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
embedpress-playerembedpress-wrapperembedpress-responsive-videoembedpress-video-playerembedpress-container
HTML Comments
<!-- EmbedPress --><!-- End EmbedPress --><!-- EmbedPress Block --><!-- End EmbedPress Block -->+4 more
Data Attributes
data-embedpress-videodata-embedpress-audiodata-embedpress-playlistdata-embedpress-iddata-embedpress-type
JS Globals
EmbedPress
Shortcode Output
[embedpress][embedpress_playlist][embedpress_gallery][embedpress_pdf]
FAQ

Frequently Asked Questions about EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more