[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJM0z74gMPpurR4_tUgNt4PZ9QSytY35ZqPBY9-ctrmY":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2025-12384","document-embedder-embed-pdfs-word-excel-and-other-files-missing-authorization-to-unauthenticated-document-manipulation","Document Embedder – Embed PDFs, Word, Excel, and Other Files \u003C= 2.0.0 - Missing Authorization to Unauthenticated Document Manipulation","The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access\u002Fmodification\u002Floss of data in all versions up to, and including, 2.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the \"bplde_save_document_library\", \"bplde_get_all\", \"bplde_get_single\", and \"bplde_delete_document_library\" functions. This makes it possible for unauthenticated attackers to create, read, update, and delete arbitrary document_library posts.","document-emberdder",null,"\u003C=2.0.0","2.0.1","high",8.6,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:H\u002FA:L","Missing Authorization","2025-11-04 17:38:20","2025-11-05 06:35:03",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Feb7e4e96-a4ff-4c6c-91de-c0e5ba78f0da?source=api-prod",1]