Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Document Embedder – Embed PDFs, Word, Excel, and Other Files

Source -

CNA

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2026-1389
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.69%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 07:27
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the 'bplde_save_document_library', 'bplde_get_single', and 'bplde_delete_document_library' AJAX actions. This makes it possible for authenticated attackers, with Author-level access and above, to read, modify, and delete Document Library entries created by other users, including administrators, via the 'id' parameter.

Action-Not Available
Vendor-bplugins
Product-Document Embedder – Embed PDFs, Word, Excel, and Other Files
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-12384
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-8.6||HIGH
EPSS-0.11% / 29.27%
||
7 Day CHG~0.00%
Published-05 Nov, 2025 | 06:35
Updated-06 Nov, 2025 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Document Embedder – Embed PDFs, Word, Excel, and Other Files <= 2.0.0 - Missing Authorization to Unauthenticated Document Manipulation

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including, 2.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the "bplde_save_document_library", "bplde_get_all", "bplde_get_single", and "bplde_delete_document_library" functions. This makes it possible for unauthenticated attackers to create, read, update, and delete arbitrary document_library posts.

Action-Not Available
Vendor-bplugins
Product-Document Embedder – Embed PDFs, Word, Excel, and Other Files
CWE ID-CWE-862
Missing Authorization