Filtered by vendor Bplugins
Subscriptions
Filtered by product Document Embedder
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12384 | 2 Bplugins, Wordpress | 2 Document Embedder, Wordpress | 2025-11-06 | 8.6 High |
| The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including, 2.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the "bplde_save_document_library", "bplde_get_all", "bplde_get_single", and "bplde_delete_document_library" functions. This makes it possible for unauthenticated attackers to create, read, update, and delete arbitrary document_library posts. | ||||
| CVE-2021-24868 | 1 Bplugins | 1 Document Embedder | 2024-11-21 | 4.3 Medium |
| The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts. | ||||
| CVE-2021-24775 | 1 Bplugins | 1 Document Embedder | 2024-11-21 | 5.3 Medium |
| The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. | ||||
Page 1 of 1.