Ohmymex

**Name of the Vulnerable Software and Affected Versions** Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress versions up to and including 2.0.0 **Description** The Document Embedder plugin for WordPress is susceptible to unauthorized access, modification, and potential data loss. This is caused by insufficient authorization checks within the `bplde save document library`, `bplde get all`, `bplde get single`, and `bplde delete document library` functions. This allows unauthenticated attackers to create, read, update, and delete arbitrary `document library` posts. **Recommendations** Versions prior to and including 2.0.0 should be updated to a newer, fixed version, if available. As a temporary workaround, consider restricting access to the vulnerable functions `bplde save document library`, `bplde get all`, `bplde get single`, and `bplde delete document library` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Progress Planner versions prior to 1.8.1 **Description** An incorrect privilege assignment exists in Progress Planner, potentially allowing privilege escalation. **Recommendations** Update Progress Planner to version 1.8.1 or later.