PT-2025-45089 · WordPress · Document Embedder

Numex +1 · Published 2025-11-05 · Updated 2025-11-11 · CVE-2025-12384

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress versions up to and including 2.0.0

Description

The Document Embedder plugin for WordPress is susceptible to unauthorized access, modification, and potential data loss. This is caused by insufficient authorization checks within the bplde_save_document_library, bplde_get_all, bplde_get_single, and bplde_delete_document_library functions. This allows unauthenticated attackers to create, read, update, and delete arbitrary document library posts.

Recommendations

Versions prior to and including 2.0.0 should be updated to a newer, fixed version, if available. As a temporary workaround, consider restricting access to the vulnerable functions bplde_save_document_library, bplde_get_all, bplde_get_single, and bplde_delete_document_library until a patch is available.

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2025-12384

Affected Products: Document Embedder