cleantalk
Vulnerabilities and Security Researches

Document Embedder, CVE-2025-12384

CVE, Research URL

CVE-2025-12384

Home page URL

Security reports for Document Embedder

Application

Document Embedder

Published on
Nov 05, 2025
Research Description
The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including, 2.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the "bplde_save_document_library", "bplde_get_all", "bplde_get_single", and "bplde_delete_document_library" functions. This makes it possible for unauthenticated attackers to create, read, update, and delete arbitrary document_library posts.
Affected versions
max 2.0.1.
Status
vulnerable
Previous vulnerability researches
wpNamedUsers (CVE-2025-48083) , Nov 10, 2025
New vulnerability
TopBar (CVE-2025-10300) , Nov 11, 2025
Store Toolkit for WooCommerce – Boost WooCommerce with useful tools, nuking/deleting, reports, order filters & more! (CVE-2025-60204) , Nov 11, 2025
Quick Featured Images (CVE-2025-11176) , Nov 11, 2025
Call Now Button – The #1 Click to Call Button for WordPress (CVE-2025-11587) , Nov 11, 2025
Call Now Button – The #1 Click to Call Button for WordPress (CVE-2025-11632) , Nov 11, 2025