cleantalk
Vulnerabilities and Security Researches

Document Embedder, CVE-2025-12384

CVE, Research URL

CVE-2025-12384

Home page URL

Security reports for Document Embedder

Application

Document Embedder

Published on
Nov 05, 2025
Research Description
The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including, 2.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the "bplde_save_document_library", "bplde_get_all", "bplde_get_single", and "bplde_delete_document_library" functions. This makes it possible for unauthenticated attackers to create, read, update, and delete arbitrary document_library posts.
Affected versions
max 2.0.1.
Status
vulnerable
Previous vulnerability researches
Finale Lite – Sales Countdown Timer & Discount for WooCommerce (CVE-2024-32107) , Jun 07, 2024
Finale Lite – Sales Countdown Timer & Discount for WooCommerce (562ea416d85a2049d70ab426e7463803d31cd817) , Jun 07, 2024
Finale Lite – Sales Countdown Timer & Discount for WooCommerce (CVE-2024-1120) , Jun 07, 2024
Finale Lite – Sales Countdown Timer & Discount for WooCommerce (CVE-2024-30485) , Jun 07, 2024
Finale Lite – Sales Countdown Timer & Discount for WooCommerce (CVE-2023-47180) , Jun 10, 2024
New vulnerability
WPC Smart Quick View for WooCommerce (CVE-2025-11741) , Nov 11, 2025
Outdoor (CVE-2025-10743) , Nov 11, 2025
WP AD Gallery (CVE-2025-11834) , Nov 11, 2025
MSTW CSV EXPORTER (CVE-2025-62944) , Nov 11, 2025
TopBar (CVE-2025-10300) , Nov 11, 2025