Unauthorized Access in Document Embedder Plugin for WordPress
CVE-2025-12384

8.6HIGH

Key Information:

Vendor: WordPress
Status: Document Embedder – Embed PDFs, Word, Excel, And Other Files
Vendor: CVE Published:; 5 November 2025

What is CVE-2025-12384?

The Document Embedder plugin for WordPress is susceptible to unauthorized access, allowing unauthenticated attackers to exploit multiple functions, including 'bplde_save_document_library', 'bplde_get_all', 'bplde_get_single', and 'bplde_delete_document_library'. This vulnerability enables attackers to create, read, update, and delete arbitrary document library posts, potentially leading to data loss and compromised document security. Users are encouraged to update to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

Document Embedder – Embed PDFs, Word, Excel, and Other Files * <= 2.0.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?old=3359820&...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2025
Vulnerability Reserved
Oct 28, 2025

Credit

ohmymex

JSON