Vulnerabilities and security researches fordocument-emberdder document-emberdder

Nov 11, 2025

CVE, Research URL: CVE-2025-12384
Home page URL: Security reports for Document Embedder
Application: Document Embedder
Date: Nov 05, 2025
Research Description: The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including, 2.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the "bplde_save_document_library", "bplde_get_all", "bplde_get_single", and "bplde_delete_document_library" functions. This makes it possible for unauthenticated attackers to create, read, update, and delete arbitrary document_library posts.
Affected versions: max 2.0.1.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2021-24868
Home page URL: Security reports for Document Embedder
Application: Document Embedder
Date: Feb 01, 2022
Research Description: The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts.
Affected versions: max 1.7.9.
Status: vulnerable

CVE, Research URL: CVE-2021-24775
Home page URL: Security reports for Document Embedder
Application: Document Embedder
Date: Feb 01, 2022
Research Description: The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.
Affected versions: max 1.7.6.
Status: vulnerable